Cyber Posture

CVE-2024-57536

High · Public PoC

Published: 21 January 2025

Modified: 22 April 2025
KEV Added
Patch
CVSS Score: 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0096 (76.6th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.

Security Summary

CVE-2024-57536 is a command injection vulnerability (CWE-77) affecting the Linksys E8450 router on firmware version v1.2.00.360516. The issue arises via the wizard_status parameter, allowing arbitrary command execution on the device.

The vulnerability carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). An attacker with adjacent network access (AV:A) and low privileges (PR:L) can exploit it with low complexity and no user interaction, resulting in high impacts to confidentiality, integrity, and availability in an unchanged scope.

References point to a GitHub repository (https://github.com/Wood1314/Linksys_E8450_vul/blob/main/8/8.md) detailing the vulnerability, published on 2025-01-21. No specific mitigation or patch details are outlined in the available information.

Details

CWE(s)
CWE-77

Affected Products

linksys · e8450 firmware · 1.2.00.360516

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.008 Network Device CLI (Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.

Why these techniques?

Command injection via wizard_status in the Linksys router's web interface enables exploitation of a public-facing application (T1190) and facilitates command execution on the network device CLI (T1059.008).

References