CVE-2024-33789
Published: 03 May 2024
Summary
CVE-2024-33789 is a critical-severity Command Injection (CWE-77) vulnerability in Linksys E5600 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 6.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Linksys E5600 firmware version 1.1.0.26 contains a command injection vulnerability (CWE-77) at the /API/info endpoint, where the ipurl parameter is processed without adequate sanitization. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible exploitation with no required credentials or user interaction.
An unauthenticated remote attacker can submit a maliciously crafted HTTP request containing shell metacharacters in the ipurl field, resulting in arbitrary command execution on the device with full read, write, and administrative control.
Public references consist of a GitHub repository documenting the issue, but no vendor advisory, firmware patch, or mitigation guidance is referenced in the available data. The associated EPSS score has remained flat at 0.1086 with no indicated rise after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-31498
Vulnerability details
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection via the ipurl parameter in the /API/info web endpoint enables exploitation of a public-facing application (T1190) for remote Unix shell command execution (T1059.004).
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.