PT-2024-19476 · Linksys · Linksys Router E1700
Published: 2024-02-26 · Updated: 2024-08-16 · CVE-2024-22543
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Linksys Router E1700 version 1.0.04 (build 3)
Description
An issue was discovered in the Linksys Router E1700, allowing authenticated attackers to escalate privileges. This can be achieved via a crafted GET request to the "/goform/*" URI or through the ExportSettings function.
Recommendations
For Linksys Router E1700 version 1.0.04 (build 3), consider disabling access to the /goform/* URI and restricting the use of the ExportSettings function until a patch is available.
Exploit
Fix
Insufficient Session Expiration
Weakness Enumeration
Related Identifiers
Affected Products
Linksys Router E1700