CVE-2024-33789

Name of the Vulnerable Software and Affected Versions: Linksys E5600 version 1.1.0.26

Description: The issue is related to a command injection vulnerability via the ipurl parameter at the "/API/info" form endpoint. This vulnerability is associated with the lack of neutralization of special elements used in the OS command when processing the ipurl parameter in the runtime.pingTest() function of the Linksys E5600 router's firmware. Exploitation of this issue may allow a remote attacker to execute arbitrary commands.

Recommendations: For Linksys E5600 version 1.1.0.26, as a temporary workaround, consider disabling the runtime.pingTest() function until a patch is available. Restrict access to the "/API/info" form endpoint to minimize the risk of exploitation. Avoid using the ipurl parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.