CVE-2018-1143

Name of the Vulnerable Software and Affected Versions: Belkin N750 firmware version 1.10.22

Description: The issue is related to insufficient input validation in the twonky command.cgi component of the Belkin N750 router's firmware, allowing a remote unauthenticated user to execute commands as root by sending a crafted HTTP request to the twonky command.cgi endpoint. This can enable an attacker to perform arbitrary commands with root privileges.

Recommendations: For Belkin N750 firmware version 1.10.22, consider disabling access to the twonky command.cgi endpoint until a patch is available to prevent exploitation. Restricting input to this endpoint can also help minimize the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.