ID
VAR-202501-2365
CVE
CVE-2024-57228
TITLE
Linksys of E7350 Command injection vulnerability in firmware
Trust: 0.8
sources:
JVNDB: JVNDB-2025-003690
DESCRIPTION
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. (DoS) It may be in a state. Linksys E7350 is a wireless router device from Linksys. A remote attacker can use this vulnerability to submit a special request and execute arbitrary commands in the context of the application
Trust: 2.16
sources:
NVD: CVE-2024-57228 //
JVNDB: JVNDB-2025-003690 //
CNVD: CNVD-2025-02900
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2025-02900
AFFECTED PRODUCTS
| vendor: | linksys | model: | e7350 | scope: | eq | version: | 1.1.00.032 | Trust: 1.6 |
| vendor: | linksys | model: | e7350 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | linksys | model: | e7350 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | linksys | model: | e7350 | scope: | eq | version: | e7350 firmware 1.1.00.032 | Trust: 0.8 |
sources:
CNVD: CNVD-2025-02900 //
JVNDB: JVNDB-2025-003690 //
NVD: CVE-2024-57228
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2025-02900 //
JVNDB: JVNDB-2025-003690 //
NVD: CVE-2024-57228
PROBLEMTYPE DATA
| problemtype: | CWE-77 | Trust: 1.0 |
| problemtype: | Command injection (CWE-77) [ others ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2025-003690 //
NVD: CVE-2024-57228
PATCH
| title: | Patch for Linksys E7350 vif_disable command injection vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/655966 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-02900
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-57228 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2025-003690 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-02900 | Trust: 0.6 |
sources:
CNVD: CNVD-2025-02900 //
JVNDB: JVNDB-2025-003690 //
NVD: CVE-2024-57228
REFERENCES
| url: | https://github.com/yanggao017/vuln/blob/main/linksys/e7350/ci_1_vif_disable/readme.md | Trust: 2.4 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-57228 | Trust: 0.8 |
sources:
CNVD: CNVD-2025-02900 //
JVNDB: JVNDB-2025-003690 //
NVD: CVE-2024-57228
SOURCES
| db: | CNVD | id: | CNVD-2025-02900 |
| db: | JVNDB | id: | JVNDB-2025-003690 |
| db: | NVD | id: | CVE-2024-57228 |
LAST UPDATE DATE
2025-04-22T23:17:53.043000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-02900 | date: | 2025-02-14T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-003690 | date: | 2025-04-21T01:11:00 |
| db: | NVD | id: | CVE-2024-57228 | date: | 2025-04-16T14:16:45.610 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-02900 | date: | 2025-02-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-003690 | date: | 2025-04-21T00:00:00 |
| db: | NVD | id: | CVE-2024-57228 | date: | 2025-01-10T18:15:25.970 |