PT-2026-21285 · Prolink · Prolink Prc2402M
Published: 2026-02-20 · Updated: 2026-04-11
CVE-2021-35402
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PROLiNK PRC2402M versions prior to 2021-06-13
Description
The PROLiNK PRC2402M router firmware contains a flaw that allows for arbitrary OS command execution. The issue resides in the live api.cgi script when handling the page=satellite list request. Specifically, the ip parameter within the satellite status function is susceptible to shell metacharacter injection. An attacker can leverage this to execute commands on the device.
Recommendations
Update PROLiNK PRC2402M firmware to version 2021-06-13 or later.
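For code that handles a request parameter like the ip value described above, the following added example (not PROLiNK's code and not the vendor's fix) shows strict IPv4 validation followed by execution through an argv array, so no shell ever parses the value. The function names and the use of ping as the status probe are assumptions made for illustration.

```c
/* Added example: strict handling of an "ip" request parameter in a CGI helper. */
#include <arpa/inet.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only a dotted-quad IPv4 literal. On success the canonical form
 * produced by inet_ntop() is written to out and 0 is returned; any other
 * input (metacharacters, whitespace, overlong strings) returns -1. */
int parse_ip_param(const char *raw, char out[INET_ADDRSTRLEN])
{
    struct in_addr addr;

    if (raw == NULL || strlen(raw) >= INET_ADDRSTRLEN)
        return -1;
    if (strspn(raw, "0123456789.") != strlen(raw))
        return -1;                      /* digits and dots only */
    if (inet_pton(AF_INET, raw, &addr) != 1)
        return -1;                      /* must be a complete address */
    return inet_ntop(AF_INET, &addr, out, INET_ADDRSTRLEN) ? 0 : -1;
}

/* Hypothetical status probe (assumption): runs ping with an argv array,
 * so the address is passed as one argument and never reaches a shell.
 * Returns the child's exit status, or -1 on rejection or error. */
int probe_satellite(const char *raw_ip)
{
    char ip[INET_ADDRSTRLEN];
    int status;
    pid_t pid;

    if (parse_ip_param(raw_ip, ip) != 0)
        return -1;                      /* reject before any process starts */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", ip, NULL };
        execvp(argv[0], argv);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```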
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Prolink Prc2402M