wh0ami - Security Researcher - Exploit Intelligence Platform

CVE-2023-31742 WRITEUP HIGH WRITEUP

Linksys WRT54GL 4.30.18.006 - Command Injection

There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.

CVSS 7.2

View Code

CVE-2023-31740 WRITEUP HIGH WRITEUP

Linksys E2000 <1.0.06 - Command Injection

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.

CVSS 7.2

View Code

CVE-2023-31741 WRITEUP HIGH WRITEUP

Linksys E2000 1.0.06 - Command Injection

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.

CVSS 7.2

View Code

CVE-2023-33532 WRITEUP CRITICAL WRITEUP

Netgear R6250 <1.0.4.48 - Command Injection

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. If an attacker gains web management privileges, they can inject commands into the post request parameters, thereby gaining shell privileges.

CVSS 9.8

View Code

CVE-2023-33533 WRITEUP HIGH WRITEUP

Netgear D6220 D8500 R6700 R6900 - Authenticated Command Injection via Web Management Post Request

Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. If an attacker gains web management privileges, they can inject commands into the post request parameters, gaining shell privileges.

CVSS 8.8

View Code