Linksys E2500 / E1200 Command Injection

Posted on 30 November -0001

<HTML><HEAD><TITLE>Linksys E2500 / E1200 Command Injection </TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>Linksys E2500 and E1200 suffer from missing command injection issue in parental control parameters. This allows an attacker to change the control the device remotely.

Combining the attack of no authorization control, it allows an attacker to actually execute unauthenticated command injection attack and thus control the entire device.

More info at:
http://www.samuelhuntley.com/?p=141
http://www.samuelhuntley.com/?p=135

Initial disclosure date: 04/12/16
Fixed date as per Linksys contact: 7/4/16
Linksys contact: Benjamin Samuels,  Calvin Clark (security@linksys.com)
</BODY></HTML>

TOP

Malware :

Backdoor:Win32/Heloag.A
Exploit:Win32/CVE-2011-3402
Trojan:Win32/Obfac
Exploit:Win32/Pdfjsc.YP
TrojanDownloader:Win32/Bofang.B

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20