![]() This occurs in do_upgrade_post in mini_httpd. ** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. If the device has remote management enabled and is connected directly to the internet, this vulnerability is exploitable over the internet without interaction. A user who has access to the web interface of the device can extract these secrets. This web page is visible when remote management is enabled. This web page calls a show_sysinfo function which retrieves WPA passwords, SSIDs, MAC Addresses, serial numbers, WPS Pins, and hardware/firmware versions, and prints this information into the web page. On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. This issue affects: Linksys MR8300 Router 1.0. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file in the device. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.Ĭommand injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |