PT-2022-22907 · Linksys · Linksys E5350 Wifi Router

Published: 2022-09-12 · Updated: 2023-08-08 · CVE-2022-35572

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Linksys E5350 WiFi Router version 1.0.00.037 and lower

Description: The issue concerns the /SysInfo.htm URI, which can be requested without a session ID. This web page calls the show sysinfo function, which retrieves sensitive information such as WPA passwords, SSIDs, MAC addresses, serial numbers, WPS PINs, and hardware/firmware versions, and prints this information into the web page. The page is reachable whenever remote management is enabled, so anyone who can reach the web interface can extract these secrets. If the device has remote management enabled and is connected directly to the internet, this issue is exploitable over the internet without any user interaction.

Recommendations: For Linksys E5350 WiFi Router version 1.0.00.037 and lower, consider disabling remote management to minimize the risk of exploitation until a patch is available. As a temporary workaround, restrict access to the /SysInfo.htm URI to prevent unauthorized users from extracting sensitive information.
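Because the page is served without a session ID, the only defender-side signal is the request itself: any hit on /SysInfo.htm that comes from outside the LAN while remote management is on means the secrets listed above were handed out. The script below is an added example, not code from this advisory or from Linksys; it scans access-log lines in the common combined-log layout (the format, the sample entries, and the private-address ranges used to separate LAN from WAN clients are assumptions made for the example) and rates each request for the sensitive URI by where it came from and whether the page was actually served.

```python
"""Detection helper for CVE-2022-35572 (unauthenticated /SysInfo.htm on the
Linksys E5350).

Added example, not code from the advisory or from Linksys. It assumes an
access log in combined-log style (client ip, ident, user, [time], request,
status, size), as produced by a proxy or firewall placed in front of the
router's management port. The sample lines below are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# The URI named in the advisory. Matched case-insensitively and with any
# query string stripped, since it is the page itself that leaks data.
SENSITIVE_URI = "/SysInfo.htm"

# Assumed log layout: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: the LAN behind the router uses RFC 1918 space; anything else is
# treated as WAN-side, i.e. a client that could only be there via remote management.
PRIVATE_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


@dataclass
class Finding:
    time: str
    client: str
    path: str
    status: int
    severity: str  # "high": WAN client got the page; "medium": WAN attempt; "info": LAN


def is_private(ip: str) -> bool:
    """True if ip parses and falls in one of the assumed LAN ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in PRIVATE_NETS)


def is_sensitive(path: str) -> bool:
    """Match /SysInfo.htm regardless of case or query string."""
    return path.split("?", 1)[0].lower() == SENSITIVE_URI.lower()


def rate(ip: str, status: int) -> str:
    if is_private(ip):
        return "info"
    return "high" if status == 200 else "medium"


def scan(lines: List[str]) -> List[Finding]:
    """Return one Finding per request for the sensitive URI, in log order.
    Lines that do not match the assumed layout are skipped, not mis-scored."""
    findings: List[Finding] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_sensitive(m["path"]):
            continue
        status = int(m["status"])
        findings.append(Finding(m["time"], m["ip"], m["path"], status,
                                rate(m["ip"], status)))
    return findings


# Constructed sample log: one LAN hit, one WAN hit that was served (the case the
# advisory describes), an unrelated page, a WAN attempt that was blocked, and
# a malformed line.
SAMPLE_LOG = [
    '192.168.1.23 - - [12/Sep/2022:10:01:02 +0000] "GET /SysInfo.htm HTTP/1.1" 200 4312',
    '203.0.113.7 - - [12/Sep/2022:10:05:44 +0000] "GET /sysinfo.htm?x=1 HTTP/1.1" 200 4312',
    '203.0.113.7 - - [12/Sep/2022:10:05:45 +0000] "GET /index.htm HTTP/1.1" 200 1200',
    '198.51.100.9 - - [12/Sep/2022:11:30:00 +0000] "GET /SysInfo.htm HTTP/1.1" 403 0',
    'not a log line',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.severity:6} {f.time} {f.client} {f.path} {f.status}")
```

A "high" finding is the event to alert on: a non-LAN client received a 200 for the page, so the WPA passphrase, WPS PIN and serial number should be treated as disclosed and rotated, and remote management switched off as the advisory recommends. "info" findings from LAN addresses are still worth keeping, since the page requires no login there either.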

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2022-35572

Affected Products: Linksys E5350 Wifi Router