CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-43971

An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.7%

CVSS Severity

CVSS v3 Score 7.2

References

Products affected by CVE-2022-43971

Linksys » Wumc710 » Version: N/A

cpe:2.3:h:linksys:wumc710:-
Linksys » Wumc710 Firmware » Version: 1.0.00

cpe:2.3:o:linksys:wumc710_firmware:1.0.00
Linksys » Wumc710 Firmware » Version: 1.0.01

cpe:2.3:o:linksys:wumc710_firmware:1.0.01
Linksys » Wumc710 Firmware » Version: 1.0.02

cpe:2.3:o:linksys:wumc710_firmware:1.0.02

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-43971

Products

Pricing

Contact Us