Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter.
The attacker sends a specially crafted request containing malicious system commands embedded in the password parameter handled by the runtime.ddnsStatus function responsible for Dynamic DNS handling. The device does not properly filter input data passed to the system shell interpreter, allowing for injection and execution of arbitrary commands in the context of the router's operating system. The vulnerability is remotely accessible, requires no authentication or user interaction, and the attack vector is network-based (AV:N/AC:L/PR:N/UI:N).
An attacker can gain full control of the device — read confidential configuration data, modify network settings, and also use the router as an entry point for further attacks on the internal network (lateral movement).
Patches available from the manufacturer should be applied according to the references. Until an update is obtained, it is recommended to restrict access to the router's administrative interface only to trusted hosts and disable the Dynamic DNS (DynDNS) function if it is not actively used.
Linksys E5600 with firmware version v1.1.0.26
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLinksys E5600
HWLinksyswszystkie wersjeLinksys E5600 Firmware
OSLinksys1.1.0.26
Related vulnerabilities
Command injection w Linksys E5600 — parametr mc.ip funkcji macClone
Command injection w Linksys E5600 — funkcja ddnsStatus
Command injection w Linksys E5600 via parametr mailex funkcji DynDNS
Command injection w Linksys E5600 — funkcja runtime.InternetConnection
Command injection w Linksys E5600 via parametr hostname (DynDNS)