wh0ami

4 exploits Active since May 2023
CVE-2023-31740 WRITEUP HIGH WRITEUP
Linksys E2000 <1.0.06 - Command Injection
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.
CVSS 7.2
CVE-2023-31741 WRITEUP HIGH WRITEUP
Linksys E2000 1.0.06 - Command Injection
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.
CVSS 7.2
CVE-2023-33532 WRITEUP CRITICAL WRITEUP
Netgear R6250 <1.0.4.48 - Command Injection
There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.
CVSS 9.8
CVE-2023-33533 WRITEUP HIGH WRITEUP
Netgear - Command Injection
Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.
CVSS 8.8