Lucene search

MitreCVE-2024-42633

HistoryAug 19, 2024 - 4:15 p.m.

CVE-2024-42633

2024-08-1916:15:08

CWE-78

mitre

web.nvd.nist.gov

command injection

linksys e1500

os commands

authentication

root privileges

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

28.6%

JSON

A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001. As a result, an authenticated attacker can execute OS commands with root privileges.

Affected configurations

Nvd

Node

linksyse1500_firmwareMatch1.0.06.001

AND

linksyse1500Match-

VendorProductVersionCPE
linksyse1500_firmware1.0.06.001cpe:2.3:o:linksys:e1500_firmware:1.0.06.001:*:*:*:*:*:*:*
linksyse1500-cpe:2.3:h:linksys:e1500:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linksys	e1500_firmware	1.0.06.001	cpe:2.3:o:linksys:e1500_firmware:1.0.06.001:::::::*
linksys	e1500	-	cpe:2.3:h:linksys:e1500:-:::::::*

References

github.com/goldds96/Report/blob/main/Linksys/E1500/CI.md

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

28.6%

JSON

Related for CVE-2024-42633