CVE-2023-31742

CWE-77Command Injection3 documents3 sources
Severity
7.2HIGH
EPSS
65.0%
top 1.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Linksys Wrt54gl Firmware
Timeline
PublishedMay 22

Description

There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

NVDlinksys/wrt54gl_firmware4.30.18.006

🔴Vulnerability Details

2
GHSA
GHSA-x33h-89gf-vgxq: There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 42023-05-22
CVEList
CVE-2023-31742: There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 42023-05-22
CVE-2023-31742 (HIGH CVSS 7.2) | There is a command injection vulner | cvebase.io