Cyber Resilience

CVE-2024-33789

Critical · Public PoC · RCE

Published: 03 May 2024

Modified: 10 June 2025
KEV Added:
Patch:
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1086 (93.5th percentile)
Risk Priority: 26 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-33789 is a critical-severity Command Injection (CWE-77) vulnerability in Linksys E5600 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 6.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

Linksys E5600 firmware version 1.1.0.26 contains a command injection vulnerability (CWE-77) at the /API/info endpoint, where the ipurl parameter is processed without adequate sanitization. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible exploitation with no required credentials or user interaction.

An unauthenticated remote attacker can submit a maliciously crafted HTTP request containing shell metacharacters in the ipurl field, resulting in arbitrary command execution on the device with full read, write, and administrative control.

Public references consist of a GitHub repository documenting the issue, but no vendor advisory, firmware patch, or mitigation guidance is referenced in the available data. The associated EPSS score has remained flat at 0.1086 with no indicated rise after disclosure.

Vulnerability details

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at the /API/info form endpoint.

Related Threats

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Tactic: Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

Command injection via the ipurl parameter in the /API/info web endpoint enables exploitation of a public-facing application (T1190) for remote Unix shell command execution (T1059.004).

Affected Assets

Vendor: linksys
Product: e5600 firmware
Version: 1.1.0.26

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
