PT-2022-20004 · Belkin · Belkin N300

Published: 2022-05-18 · Updated: 2022-05-30 · CVE-2022-30105
CVSS v3.1: 10.0 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Belkin N300 Firmware version 1.00.08
Description: The script located at "/setting_hidden.asp" contains multiple remote OS command injection vulnerabilities. Parameters submitted to this form in a POST request to the web interface are not properly sanitized before they are used. With specially crafted parameter values, an attacker who can reach the web interface (no authentication is required, as the PR:N component of the CVSS vector indicates) can inject an OS command that is executed with root privileges, because the web interface and all other processes on the device run as root.
Recommendations: For Belkin N300 Firmware version 1.00.08, no newer firmware version containing a fix for this vulnerability is known at the time of writing. Until a patch is available, do not expose the device's web interface to the internet or to untrusted networks, and restrict access to it to a trusted management network or host. Where the device allows it, disable access to the "/setting_hidden.asp" script. Because an injected command runs as root, a successful attack gives full control of the device, so devices whose web interface has been reachable by untrusted parties should be checked for unexpected configuration changes.
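The following is an added illustration of the vulnerability class described above, not code from the Belkin firmware or from the advisory. It shows the pattern an embedded CGI handler falls into when a POST parameter is spliced into a shell command, next to a hardened handler that validates the value against an allow-list and executes the program without a shell. The parameter name `iface`, the `ifconfig` command and the program path are assumptions made for the example; the advisory does not name the vulnerable parameters.

```c
/* Added example (not Belkin's code): command injection in an embedded CGI
 * handler versus a hardened version. The parameter "iface" and the use of
 * /sbin/ifconfig are assumptions for illustration only. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

static char cmd_buf[256];

/* VULNERABLE pattern: the untrusted POST value is formatted into a command
 * line that system() would hand to /bin/sh. Shell metacharacters in the value
 * (';', '|', '$( )', backticks) end the intended command and start the
 * attacker's. On a device whose web server runs as root, the injected command
 * runs as root too. The function returns the command string instead of
 * executing it so the effect can be inspected safely. */
const char *build_cmd_vulnerable(const char *iface)
{
    snprintf(cmd_buf, sizeof cmd_buf, "/sbin/ifconfig %s up", iface);
    return cmd_buf;
}

/* Allow-list check: an interface name is 1..15 characters of [A-Za-z0-9._-]
 * and does not start with '-', so it can be neither a shell fragment nor an
 * option to the program being run. */
int is_valid_iface(const char *s)
{
    size_t n = strlen(s);
    if (n == 0 || n > 15 || s[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* HARDENED pattern: validate first, then run the program directly with an
 * argv vector via fork/execv. No shell is involved, so the value reaches the
 * program as exactly one argument. Returns -1 if the value is rejected or the
 * child cannot be run, otherwise the child's exit status. */
int run_ifconfig_hardened(const char *prog, const char *iface)
{
    if (!is_valid_iface(iface))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ifconfig", (char *)iface, "up", NULL };
        execv(prog, argv);
        _exit(127);                 /* exec failed in the child */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed POST value: what an attacker sends in place of a name. */
    const char *payload = "eth0; cat /etc/shadow";
    printf("vulnerable handler would run via /bin/sh: %s\n",
           build_cmd_vulnerable(payload));
    printf("hardened handler accepts it: %s\n",
           run_ifconfig_hardened("/sbin/ifconfig", payload) == -1
               ? "no (rejected before any process is started)" : "yes");
    return 0;
}
```

The allow-list, not an escaping routine, is what closes the hole: rejecting every character outside the expected set leaves nothing for a shell to interpret, and execv removes the shell from the path entirely. Neither change reduces the blast radius of a bug that does slip through; that requires running the web server as an unprivileged user, which the advisory notes this device does not do.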

Exploit

OS Command Injection


Weakness Enumeration

Related Identifiers: CVE-2022-30105

Affected Products: Belkin N300