Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands.
Vulnerability Description
Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file in the device. This issue affects: Linksys MR8300 Router 1.0.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Linksys MR8300 操作系统命令注入漏洞
Vulnerability Description
Linksys MR8300是美国Linksys公司的一款高性能三频路由器。 Linksys MR8300 Router 1.0 版本存在操作系统命令注入漏洞,该漏洞源于在注册DDNS服务时,通过指定用户名和密码,连接到路由器Web界面的攻击者可以执行任意操作系统命令。用户名和密码字段没有经过正确处理并用作URL构造参数,允许URL重定向到任意服务器,下载任意脚本文件并最终在设备中执行该文件。
CVSS Information
N/A
Vulnerability Type
N/A