Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-25310
HistoryFeb 02, 2021 - 3:15 p.m.

CVE-2021-25310

2021-02-0215:15:16
CWE-150
CWE-78
[email protected]
web.nvd.nist.gov
2
web interface
remote authenticated attackers
root privileges
shell metacharacters
command execution
mini_httpd
post parameter
vulnerability
product maintenance

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.3%

JSON

The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine

Affected configurations

Nvd
Node
belkinlinksys_wrt160nlMatch-
AND
belkinlinksys_wrt160nl_firmwareMatch1.0.04.002_us_20130619
VendorProductVersionCPE
belkinlinksys_wrt160nl-cpe:2.3:h:belkin:linksys_wrt160nl:-:*:*:*:*:*:*:*
belkinlinksys_wrt160nl_firmware1.0.04.002_us_20130619cpe:2.3:o:belkin:linksys_wrt160nl_firmware:1.0.04.002_us_20130619:*:*:*:*:*:*:*

Related

vulnrichment 1
cve 1
prion 1
checkpoint_advisories 1
cvelist 1
vulnrichment
vulnrichment
CVE-2021-25310
2021-02-02 14:01:08
cve
cve
CVE-2021-25310
2021-02-02 15:15:16
prion
prion
Design/Logic Flaw
2021-02-02 15:15:00
checkpoint_advisories
checkpoint_advisories
Belkin Linksys WRT160NL Command Injection (CVE-2021-25310)
2021-02-18 00:00:00
cvelist
cvelist
CVE-2021-25310
2021-02-02 14:01:08

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.005

Percentile

76.3%

JSON
Related for NVD:CVE-2021-25310
vulnrichment1cve1prion1checkpoint_advisories1cvelist1