Jzp018

**Name of the Vulnerable Software and Affected Versions** linksys E5600 version V1.1.0.26 **Description** The Linksys E5600 router firmware version V1.1.0.26 contains a command injection flaw within the `ddnsStatus` function. This allows for potential unauthorized command execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netgear EX8000 version 1.0.0.126 **Description** The Netgear EX8000 Mesh Extender firmware version 1.0.0.126 contains a Command Injection issue. This occurs due to a flaw in the `action bandwidth` function, specifically through manipulation of the `iface` parameter. The `iface` parameter allows for the execution of arbitrary commands. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `action bandwidth` function.

**Name of the Vulnerable Software and Affected Versions** Netgear EX8000 version 1.0.0.126 **Description** The Netgear EX8000 version 1.0.0.126 contains a command injection issue. This occurs through the `switch status` function. The vulnerability allows for potential unauthorized command execution. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `switch status` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linksys E5600 version 1.1.0.26 **Description** The Linksys E5600 router firmware version 1.1.0.26 contains a command injection issue in the `runtime.macClone` function. The issue is triggered via the `mc.ip` parameter. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `runtime.macClone` function until a patch is available.