CVE-2018-3955

CWE-78 — OS Command Injection4 documents4 sources

Severity

7.2HIGH

EPSS

1.5%

top 18.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linksys Eseries E1200 Linksys Eseries E2500 Linksys E1200 Firmware +1 more

Timeline

PublishedOct 17

Latest updateMay 13

Description

An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted t…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages4 packages

▶NVDlinksys/e1200_firmware2.0.09

▶NVDlinksys/e2500_firmware3.0.04

▶CVEListV5linksys/eseries_e1200Firmware Version 2.0.09

▶CVEListV5linksys/eseries_e2500Firmware Version 3.0.04

🔴Vulnerability Details

GHSA

GHSA-v2p8-7jjc-gfv9: An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2↗2022-05-13

▶

CVEList

CVE-2018-3955: An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2↗2018-10-17

▶