Remote Command Execution in Belkin Linksys WRT160NL 1.0.04.002_US_20130619

Remote Command Execution in Belkin Linksys WRT160NL 1.0.04.002_US_20130619

CVE-2021-25310 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine

Learn more about our Web App Pen Testing.