Advertisement






Linksys AX3200 V1.1.00 Command Injection

CVE Category Price Severity
CVE-2022-38841 CWE-78 Unavailable High
Author Risk Exploitation Type Date
Unknown High Remote 2023-03-22
CVSS
CVSS:4.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023030046

Below is a copy:

Linksys AX3200 V1.1.00 Command Injection
# Exploit Title: Linksys AX3200 V1.1.00 - Command Injection
# Date: 2022-09-19
# Exploit Author: Ahmed Alroky
# Author: Linksys
# Version: 1.1.00
# Authentication Required: YES
# CVE : CVE-2022-38841

# Tested on: Windows

# Proof Of Concept:

1 - login into AX3200 webui
2 - go to diagnostics page
3 - put "google.com|ls" to perform a traceroute
4 - you will get the file list and also you can try "example.com|id" to ensure that all commands executed as a root user

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.