CVE-2024-27497

Name of the Vulnerable Software and Affected Versions Linksys E2000 version Ver.1.0.06 build 1

Description The issue is related to a flaw in the authentication procedure of the Linksys E2000 router, which can be exploited to bypass authentication and gain full access to the device. This can potentially allow attackers to steal sensitive data, compromise devices, and use the connection for further malicious activity. The vulnerability is associated with the position.js file, where the session key is written, allowing hackers to access files that call to position.js and obtain the session.

Recommendations For Linksys E2000 version Ver.1.0.06 build 1, consider replacing the router as there is no fix in sight. As a temporary workaround, restrict access to the position.js file to minimize the risk of exploitation. Avoid using the router until a secure alternative is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.