{"id":135,"date":"2016-08-07T22:56:28","date_gmt":"2016-08-07T22:56:28","guid":{"rendered":"http:\/\/www.samuelhuntley.com\/?p=135"},"modified":"2016-11-03T02:53:12","modified_gmt":"2016-11-03T02:53:12","slug":"linksys-e2500-unauth-command-injection","status":"publish","type":"post","link":"https:\/\/www.samuelhuntley.com\/?p=135","title":{"rendered":"Linksys E2500 (Unauth Command Injection)"},"content":{"rendered":"<p>Fixed date as per Linksys contact: 7\/4\/16<\/p>\n<p><span class=\"il\">Linksys<\/span> E2500 hardware version 3.0 and firmware version\u00a03.0.01.010 suffer from missing command injection issue\u00a0in parental control parameters. If the remote web management is enabled, then this allows an attacker to control the device remotely based on the combination attack mentioned below.<\/p>\n<p>Combining the attack of no authorization control, it allows an attacker to actually execute unauthenticated command injection attack and thus control the entire device.<\/p>\n<p>Initial disclosure date: 04\/12\/16<\/p>\n<p>Linksys contact: Benjamin Samuels, \u00a0Calvin Clark (security@linksys.com)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fixed date as per Linksys contact: 7\/4\/16 Linksys E2500 hardware version 3.0 and firmware version\u00a03.0.01.010 suffer from missing command injection issue\u00a0in parental control parameters. If the remote web management is enabled, then this allows an attacker to control the device remotely based on the combination attack mentioned below. Combining the attack of no authorization control, &hellip; <a href=\"https:\/\/www.samuelhuntley.com\/?p=135\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Linksys E2500 (Unauth Command Injection)<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[2],"_links":{"self":[{"href":"https:\/\/www.samuelhuntley.com\/index.php?rest_route=\/wp\/v2\/posts\/135"}],"collection":[{"href":"https:\/\/www.samuelhuntley.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.samuelhuntley.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.samuelhuntley.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.samuelhuntley.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=135"}],"version-history":[{"count":5,"href":"https:\/\/www.samuelhuntley.com\/index.php?rest_route=\/wp\/v2\/posts\/135\/revisions"}],"predecessor-version":[{"id":152,"href":"https:\/\/www.samuelhuntley.com\/index.php?rest_route=\/wp\/v2\/posts\/135\/revisions\/152"}],"wp:attachment":[{"href":"https:\/\/www.samuelhuntley.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.samuelhuntley.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.samuelhuntley.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}