An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: trellix
Published: 2023-01-09T00:00:00
Updated: 2024-08-03T13:47:05.143Z
Reserved: 2022-10-28T00:00:00
Link: CVE-2022-43971
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-01-09T21:15:10.840
Modified: 2023-01-13T16:55:23.977
Link: CVE-2022-43971
Redhat
No data.