PT-2018-2660 · Linksys · Linksys E1200+2

Published 2018-07-09 · Updated 2023-04-26 · CVE-2018-3955

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linksys E1200 version 2.0.09
Linksys E2500 version 3.0.04

Description

An operating system command injection exists in the Linksys E-Series line of routers. Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this issue.

Data entered into the Domain Name input field through the web portal is submitted to apply.cgi as the value of the wan_domain POST parameter. The wan_domain data goes through the nvram_set process. When the preinit binary receives the SIGHUP signal, it enters a code path that calls a function named set_host_domain_name from its libshared.so shared object.

Recommendations

For Linksys E1200 version 2.0.09, consider disabling the set_host_domain_name function until a patch is available. For Linksys E2500 version 3.0.04, restrict access to the apply.cgi endpoint to minimize the risk of exploitation. Avoid using the wan_domain parameter in the affected HTTP request until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
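
The description above follows the Domain Name value from apply.cgi into set_host_domain_name. As an added example (not Linksys code and not part of the original advisory), the C function below shows an allowlist check such a field can be held to before it is stored or used; the name is_valid_domain_name, the RFC 1123 rule set and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* ASCII-only test, independent of the C locale. */
static int is_ascii_alnum(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9');
}

/* Hypothetical validator for a value such as wan_domain.
 * Accepts RFC 1123 host name syntax only: 1..253 bytes, dot-separated
 * labels of 1..63 bytes, each label [A-Za-z0-9-] with no leading or
 * trailing hyphen. Shell metacharacters, whitespace, control bytes,
 * empty labels and a trailing dot are all rejected.
 * Returns 1 if the string is acceptable, 0 otherwise. */
int is_valid_domain_name(const char *s)
{
    size_t total, i, label_len = 0;

    if (s == NULL)
        return 0;
    total = strlen(s);
    if (total == 0 || total > 253)
        return 0;
    for (i = 0; i < total; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c == '.') {
            /* label before the dot must exist and not end in '-' */
            if (label_len == 0 || s[i - 1] == '-')
                return 0;
            label_len = 0;
            continue;
        }
        if (!is_ascii_alnum(c) && c != '-')
            return 0;               /* anything outside the allowlist */
        if (c == '-' && label_len == 0)
            return 0;               /* label may not start with '-' */
        if (++label_len > 63)
            return 0;
    }
    return label_len > 0 && s[total - 1] != '-';
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "home.example.net", "lan;x", "a..b", "-x.lan" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s %s\n", samples[i],
               is_valid_domain_name(samples[i]) ? "accept" : "reject");
    return 0;
}
```

The check treats an empty string as invalid, so a caller that allows the field to be left blank has to handle that case before calling it.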

Exploit

OS Command Injection

Weakness Enumeration

Related Identifiers

BDU:2019-01292
CVE-2018-3955

Affected Products

Linksys E1200
Linksys E2500
libshared.so