Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Linksys E2500 and E1200 (Unauth Command Injection)

From: samhuntley84 () gmail com
Date: Sun, 14 Aug 2016 21:42:27 GMT
Linksys E2500 and E1200 suffer from missing command injection issue in parental control parameters. This allows an 
attacker to change the control the device remotely.

Combining the attack of no authorization control, it allows an attacker to actually execute unauthenticated command 
injection attack and thus control the entire device.

More info at:
http://www.samuelhuntley.com/?p=141
http://www.samuelhuntley.com/?p=135

Initial disclosure date: 04/12/16
Fixed date as per Linksys contact: 7/4/16
Linksys contact: Benjamin Samuels,  Calvin Clark (security () linksys com)
Previous By Date Next
Previous By Thread Next

Current thread: