Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary code execution in Linksys WUMC710
Vulnerability Description
An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Linksys WUMC710 操作系统命令注入漏洞
Vulnerability Description
Linksys WUMC710是美国Linksys公司的一款通用媒体连接器。 Linksys WUMC710 Wireless-AC Universal Media Connector 1.0.02 (build3)版本及之前版本存在安全漏洞。攻击者利用该漏洞以root身份在底层Linux操作系统上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A