Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary code execution in Linksys WRT54GL
Vulnerability Description
An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Linksys WRT54GL 操作系统命令注入漏洞
Vulnerability Description
Linksys WRT54GL是美国Linksys公司的一款无线路由器。 Linksys WRT54GL Wireless-G Broadband Router 4.30.18.006版本及之前版本存在安全漏洞。攻击者利用该漏洞以root身份在底层Linux操作系统上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A