AI Score
Confidence
Low
EPSS
Percentile
76.3%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine
[
{
"cpes": [
"cpe:2.3:h:belkin:linksys_wrt_160nl:-:*:*:*:*:*:*:*"
],
"vendor": "belkin",
"product": "linksys_wrt_160nl",
"versions": [
{
"status": "affected",
"version": "-"
}
],
"defaultStatus": "unknown"
}
]