CVE-2023-31741
Published: 23 May 2023
Summary
CVE-2023-31741 is a high-severity Command Injection (CWE-77) vulnerability in Linksys E2000 Firmware. Its CVSS base score is 7.2 (High).
Operationally, it is ranked in the top 7.2% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
The vulnerability CVE-2023-31741 is a command injection flaw in the Linksys E2000 router running firmware version 1.0.06. It resides in the Start_EPI() function of the httpd web server and can be triggered through the POST request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, and ttcp_size, which are not properly sanitized before being passed to the underlying system.
An attacker who has already obtained web management privileges on the device can supply crafted values in these parameters to execute arbitrary commands and escalate to shell-level access on the router. The issue is tracked under CWE-77 and carries a CVSS 3.1 score of 7.2, reflecting a network attack vector, low complexity, and high impact on confidentiality, integrity, and availability when the required privileges are present.
No mitigation guidance or patch information is provided in the available references, which consist primarily of vendor links and a proof-of-concept document. The associated EPSS score has remained flat at 0.0908 with no observed increase after disclosure.
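The following is an added example, not taken from the advisory, the vendor, or the referenced proof-of-concept: a screen that a reverse proxy or log pipeline in front of the management interface could apply to form-encoded POST bodies, flagging shell metacharacters in the six parameters named above. The metacharacter set, the function name and the sample bodies are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

# Parameters the advisory names as reaching Start_EPI() without sanitization.
WATCHED = frozenset(
    {"wl_ssid", "wl_ant", "wl_rate", "WL_atten_ctl", "ttcp_num", "ttcp_size"}
)

# Assumption (not from the advisory): characters a POSIX shell treats as
# separators, substitution, redirection, grouping or quoting.
SHELL_META = frozenset(";|&`$<>(){}\\'\"\n\r")


def screen_post_body(body: str) -> list[tuple[str, str]]:
    """Return (parameter, offending characters) for every watched field
    whose percent-decoded value contains a shell metacharacter."""
    findings = []
    # parse_qsl percent-decodes values and yields repeated keys separately,
    # so a clean duplicate of a parameter cannot mask a tainted one.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name not in WATCHED:
            continue
        bad = sorted(set(value) & SHELL_META)
        if bad:
            findings.append((name, "".join(bad)))
    return findings


# Constructed sample bodies; values are illustrative only.
CLEAN = "wl_ssid=HomeNet&wl_ant=0&wl_rate=54&ttcp_num=10&ttcp_size=1024"
SUSPECT = "wl_ssid=HomeNet&ttcp_num=10%3Becho+test&ttcp_num=10&wl_rate=%60id%60"

if __name__ == "__main__":
    for label, body in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label, screen_post_body(body))
```

A legitimate SSID may contain characters such as `&` or `'`, so hits on wl_ssid need review before blocking; hits on the other five fields are far less likely to be benign.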
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-36032
Vulnerability details
There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the POST request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd's Start_EPI() function, thereby gaining shell privileges.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.