Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Belkin Intermational Linksys Velop 安全漏洞
Vulnerability Description
Belkin Intermational Linksys Velop是美国Belkin Intermational公司的一套家庭WiFi无线网络解决方案。 Belkin Intermational Linksys Velop 1.1.2.187020版本中存在安全漏洞。攻击者可借助cgi-bin/zbtest.cgi脚本或cgi-bin/zbtest2.cgi脚本利用该漏洞注入命令,获取完整的root访问权限。
CVSS Information
N/A
Vulnerability Type
N/A