CVE-2023-41029

HIGH

Juplink RX4-1500 Wifi router <V1.0.5 - Command Injection

Title source: llm

Description

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.

References (1)

Core 1

Core References

Third Party Advisory

https://blog.exodusintel.com/2023/09/18/juplink-rx4-1500-command-injection-vulnerability/

Scores

CVSS v3 8.0

EPSS 0.0220

EPSS Percentile 80.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-77

Status published

Products (4)

juplink/rx4-1500_firmware 1.0.2

juplink/rx4-1500_firmware 1.0.3

juplink/rx4-1500_firmware 1.0.4

juplink/rx4-1500_firmware 1.0.5

Published Sep 22, 2023

Tracked Since Feb 18, 2026