EIP-2026-101351

PRE-CVE

Linksys WRT54GL - 'apply.cgi' Command Execution (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101351. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits an authenticated OS command injection vulnerability in Linksys WRT54GL routers via the apply.cgi interface. It allows command execution and payload delivery, with options to restore the original configuration post-exploitation.

Description

Linksys WRT54GL - 'apply.cgi' Command Execution (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotehardware

https://www.exploit-db.com/exploits/24945

View Code ZIP pw:eip

This Metasploit module exploits an authenticated OS command injection vulnerability in Linksys WRT54GL routers via the apply.cgi interface. It allows command execution and payload delivery, with options to restore the original configuration post-exploitation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Linksys WRT54GL (and possibly other models)

Auth required

Prerequisites: Network access to the router's web interface · Valid credentials (default: admin/admin or admin/password)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026