HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2021-25310

CVSS 8.8v3.1pub. 2021-02-02upd. 2024-11-21

The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Belkin Linksys Wrt160nl

    HW
    Belkin
    wszystkie wersje
  • Belkin Linksys Wrt160nl Firmware

    OS
    Belkin
    1.0.04.002_us_20130619
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2023-27217CRITICAL9.8ten sam vendor

A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2...

CVE-2022-30105CRITICAL9.8ten sam vendor

In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and aft...

CVE-2013-7173CRITICAL9.8ten sam vendor

Belkin n750 routers have a buffer overflow.

CVE-2013-3091CRITICAL9.8ten sam vendor

An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass aut...

CVE-2013-2748CRITICAL9.8ten sam vendor

Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto th...