Vulnerability Spotlight: Linksys ESeries Multiple OS Command Injection Vulnerabilities
These vulnerabilities were discovered by Jared Rittle of Cisco Talos
Today, Talos is disclosing several vulnerabilities that have been identified in Linksys E Series of routers operating system.
Multiple exploitable OS command injection vulnerabilities exist in the Linksys ESeries line of routers. Specially crafted requests to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger these vulnerabilities.
Linksys E Series is a product line of routers for small and home offices supporting various features including easy management, security and QoS. It is designed to connect home computers, Internet-ready TVs, game consoles, smartphones, and other Wi-Fi devices at fast transfer rates for an unrivalled experience.