VYPR
Unrated severityNVD Advisory· Published Feb 2, 2021· Updated Aug 3, 2024

CVE-2021-25310

CVE-2021-25310

Description

The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Belkin/Linksys WRT160NLdescription
  • Linksys/WRT160NLllm-create
    Range: = 1.0.04.002_US_20130619

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.