Lucene search

[email protected]NVD:CVE-2022-43971

HistoryJan 09, 2023 - 9:15 p.m.

CVE-2022-43971

2023-01-0921:15:10

CWE-78

[email protected]

web.nvd.nist.gov

linksys

wumc710

arbitrary code execution

vulnerability

firmware

command execution

linux

root access

network vulnerability

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.8%

JSON

An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root.

Affected configurations

NVD

Node

linksyswumc710_firmwareRange<1.0.02

linksyswumc710_firmwareMatch1.0.02-

linksyswumc710_firmwareMatch1.0.02build3

AND

linksyswumc710Match-

References

youtu.be/73-1lhvJPNg

youtu.be/RfWVYCUBNZ0

youtu.be/TeWAmZaKQ_w

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.8%

JSON

Related for NVD:CVE-2022-43971

cve1 prion1 cvelist1