Details of VAR-201704-1632

ID

VAR-201704-1632

TITLE

Linksys Smart Wi-Fi Routers Command Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-05025

DESCRIPTION

LinksysSmartWi-FiRouters are smart Wi-Fi routers. There is a command injection vulnerability in LinksysSmartWi-FiRouters. An attacker can inject and execute malicious code on the device's operating system with root privileges through device authentication. If you have the ability to create a backdoor account for continuous access, the backdoor account will not be displayed on the web interface and cannot be deleted using the administrator account.

Trust: 0.6

sources: CNVD: CNVD-2017-05025

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-05025

AFFECTED PRODUCTS

vendor:	belkin	model:	linksys wrt3200acm	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys wrt1900acs	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys wrt1900ac	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys wrt1200ac	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea9500	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea9400	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea9200	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea8500	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea8300	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea7500	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea7400	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea7300	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6900	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6700	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6500	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6400	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6350v3	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6350v2	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6300	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6200	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea6100	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea4500v3	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea3500	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea2750	scope:	-	version:	-	Trust: 0.6
vendor:	belkin	model:	linksys ea2700	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-05025

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-05025
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2017-05025
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-05025

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-05025

Trust: 0.6

sources: CNVD: CNVD-2017-05025

REFERENCES

url:	http://www.linksys.com/us/support-article?articlenum=246427	Trust: 0.6
url:	http://blog.ioactive.com/2017/04/linksys-smart-wi-fi-vulnerabilities.html	Trust: 0.6
url:	http://securityaffairs.co/wordpress/58177/hacking/linksys-routers-flaws.html	Trust: 0.6

sources: CNVD: CNVD-2017-05025

SOURCES

db:

CNVD

id:

CNVD-2017-05025

LAST UPDATE DATE

2022-05-04T10:19:34.704000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-05025

date:

2017-04-22T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-05025

date:

2017-04-22T00:00:00