CVE-2024-33788

Name of the Vulnerable Software and Affected Versions Linksys E5600 version 1.1.0.26

Description The issue is related to a command injection vulnerability in the /API/info endpoint of the Linksys E5600 router's firmware. This vulnerability is caused by the failure to neutralize special elements used in the operating system command. An attacker can exploit this vulnerability to inject arbitrary commands using the PinCode parameter.

Recommendations For version 1.1.0.26, consider disabling access to the /API/info endpoint until a patch is available. As a temporary workaround, restrict the use of the PinCode parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.