History: May 22, 2023 - 5:15 p.m.

CVE-2023-31742

2023-05-22 17:15:09
CWE-77
mitre
web.nvd.nist.gov
cve-2023-31742
linksys wrt54gl
command injection
firmware vulnerability
web management privileges
shell privileges

CVSS3: 7.2

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.3
Confidence: High

EPSS: 0.01
Percentile: 83.9%

There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the POST request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd's Start_EPI() function, thereby gaining shell privileges.

Affected configurations

Nvd
Node
linksys wrt54gl_firmware Match 4.30.18.006
AND
linksys wrt54gl Match -

Vendor   Product           Version      CPE
linksys  wrt54gl_firmware  4.30.18.006  cpe:2.3:o:linksys:wrt54gl_firmware:4.30.18.006:*:*:*:*:*:*:*
linksys  wrt54gl           -            cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*
