CVERadar

CVE-2024-33789

Medium Severity
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.01433/1

CVE-2024-33789: Command Injection Vulnerability in Linksys E5600. Discover a critical flaw in Linksys E5600 routers that allows attackers to execute arbitrary commands. CVE-2024-33789 affects Linksys E5600 v1.1.0.26, stemming from a command injection vulnerability via the 'ipurl' parameter at the '/API/info' form endpoint. With an SVRS of 30, while not immediately critical, the vulnerability poses a risk, especially given the CWE-77 classification and potential for exploitation in the wild. An attacker could leverage this flaw to gain unauthorized access and control over the affected device. Despite a CVSS score of 0, the SVRS suggests potential exploitation. Promptly investigate and patch the affected devices. This vulnerability represents a significant risk for users relying on these routers for network security.

In The Wild
2024-05-03

2024-07-03
SOCRadar
AI Insight

Description

CVE-2024-33789 is a command injection vulnerability in Linksys E5600 v1.1.0.26, accessible through the ipurl parameter in the /API/info form endpoint. This vulnerability allows attackers to execute arbitrary commands on the affected device, potentially leading to complete system compromise. The SVRS for this CVE is 38, indicating a moderate level of risk.

Key Insights

  • Remote Exploitation: This vulnerability can be exploited remotely, allowing attackers to target devices without physical access.
  • Privilege Escalation: Successful exploitation could allow attackers to escalate privileges and gain full control of the affected device.
  • Data Theft and Manipulation: Attackers could use this vulnerability to steal sensitive data or manipulate device settings.
  • Active Exploitation: This vulnerability is actively exploited in the wild, making it a critical threat to affected devices.

Mitigation Strategies

  • Apply Software Updates: Install the latest firmware updates from Linksys to patch the vulnerability.
  • Disable Remote Access: If possible, disable remote access to the affected device until the patch is applied.
  • Use Strong Passwords: Ensure strong and unique passwords are used for the device's administrative account.
  • Monitor Network Traffic: Implement network monitoring tools to detect and block suspicious activity.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Linksys Router Flaw Let Attackers Perform Command Injection, PoC Released
Eswar, 2024-05-06
Linksys routers were discovered with two vulnerabilities: CVE-2024-33788 and CVE-2024-33789. These vulnerabilities were associated with Command Injection on Linksys routers. The severity of these vulnerabilities is yet to be categorized. However, a proof-of-concept has been published for these two vulnerabilities. These vulnerabilities existed in Linksys E5000 routers, which had insufficient validation of user inputs. Threat […] The post Linksys Router Flaw Let Attackers Perform Command Injection
CVE-2024-33789 | Linksys E5600 1.1.0.26 /API/info ipurl command injection
vuldb.com, 2024-05-03
A vulnerability classified as critical was found in Linksys E5600 1.1.0.26. This vulnerability affects unknown code of the file /API/info. The manipulation of the argument ipurl leads to command injection. This vulnerability was named CVE-2024-33789. Access to the local network is required for this attack. There

Social Media

🏍Linksys Router Flaws Exposed, Poc Published (Patch Unavailable!) : 🔥PoC for CVE-2024-33788 : https://t.co/q5KzG3fARI 🔥PoC for CVE-2024-33789 : https://t.co/fjRqT6n02a
Linksys Router Flaw Let Attackers Perform Command Injection, PoC Released: Linksys routers were discovered with two vulnerabilities: CVE-2024-33788 and CVE-2024-33789. These vulnerabilities were associated with Command Injection on Linksys routers. The… https://t.co/9LrY27thYF https://t.co/sgCWKg0OiB
Linksys router flaws exposed. No patch! The two #vulnerabilities can be exploited by injecting commands that the router’s operating system will execute. https://t.co/pYCfP3OHLt #commandinjection #security #malware #data CVE-2024-33788 CVE-2024-33789 #poc https://t.co/OWVcVgZc5o
CVE-2024-33788 and CVE-2024-33789, both involve command injection exploits that can be triggered due to insufficient input validation mechanisms within the router’s firmware. No official patches are currently available while #PoC published #Linksys https://t.co/beq0SGGWtP

Affected Software

No affected software found for this CVE

References

Reference | Link
[email protected] | https://github.com/ymkyu/CVE/tree/main/CVE-2024-33789
GITHUB | https://github.com/ymkyu/CVE/tree/main/CVE-2024-33789

CWE Details

CWE ID | CWE Name | Description
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
