5 matches found
Linksys ESeries OS Command Injection (CVE-2018-3953; CVE-2018-3954; CVE-2018-3955)
A command injection vulnerability exists in the Linksys E Series line of routers. An attacker can exploit these bugs by sending an authenticated HTTP request to the network configuration service. An attacker could then gain the ability to arbitrarily execute code on the machine...
CVE-2018-3953
Devices in the Linksys ESeries line of routers Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04 are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input...
CVE-2018-3953
CVE-2018-3953/3954/3955 affects Linksys E-Series (E1200 v2.0.09; E2500 v3.0.04). Root cause: OS command injection via nvram_get/nvram_set path triggered after data from the web portal’s Router Name, written to NVRAM and then executed in preinit/start_lltd, affecting hostname and related domain na...
Vulnerability Spotlight: Linksys ESeries Multiple OS Command Injection Vulnerabilities
These vulnerabilities were discovered by Jared Rittle of Cisco Talos. Cisco Talos is disclosing several vulnerabilities in the operating system on the Linksys E Series of routers. Multiple exploitable OS command injection vulnerabilities exist in the Linksys E Series line of routers. An attacker...
CVE-2018-3953
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/linksyse1500e2500exec.rb 2018-05-29 15:50:33+00:00| seen|...