A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
The CVSS score for this vulnerability is 5.3, indicating a medium severity level. Organizations should address this issue in their patch cycle to mitigate potential risks.
Risk to organizations includes unauthorized access to system commands, which may lead to further exploitation or data compromise. Given the potential impact, timely remediation is crucial.
Organizations should prioritize patching immediately.
Vulnerability Details
A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Affected by this vulnerability is the function websGetVar of the file /goform/set_cmd. The manipulation of the argument cmd leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
The CVSS score from NVD is 9.8, indicating a critical severity level, while the CVSS score from VulDB is 5.3, indicating a medium severity level. This discrepancy highlights the need for organizations to evaluate the risk based on their environment.
The CWE classifications associated with this vulnerability include CWE-77 (Command Injection) and CWE-78 (OS Command Injection), indicating that improper input validation allows attackers to execute arbitrary commands.
Technical Analysis
This vulnerability allows remote attackers to inject operating system commands through the cmd argument of the /goform/set_cmd function. The attack vector is network-based, with low complexity and low privileges required, meaning a potential attacker could execute this exploit without needing extensive knowledge.
The attack complexity is low, and no user interaction is required, making it easier for attackers to exploit this vulnerability. The confidentiality, integrity, and availability impacts are all rated as low, but the potential for exploitation remains significant.
Risk & Impact Analysis
The real-world risk associated with this vulnerability includes the potential for unauthorized command execution, which can lead to a full system compromise. Given the critical nature of network infrastructure, an attacker could leverage this vulnerability to gain control over the router, affecting all connected devices.
Organizations utilizing LB-LINK AC1900 Routers should assess their exposure and implement necessary patches as soon as possible. The blast radius of this vulnerability could extend beyond the immediate device, potentially impacting the entire network.
Urgency is classified as high due to the publicly disclosed exploit, and organizations should address this vulnerability in priority patch cycles.
Exploitation Status
Signal | Status |
|---|---|
Known Exploit | No |
Public PoC | No |
Actively Exploited | No |
Ransomware Use | No |
Affected Versions
The specific vulnerable version is LB-LINK AC1900 Router firmware version 1.0.2. All versions prior to vendor patch are considered vulnerable.
Mitigation & Remediation
Organizations should seek to patch their LB-LINK AC1900 Routers to version 1.0.3 or later, where this vulnerability is resolved. If a patch is unavailable, implement configuration hardening to restrict access to the /goform/set_cmd function.
Monitoring network traffic for unusual requests to the affected function may help detect exploitation attempts. For further assistance, organizations can consult our penetration testing services.
Detection Guidance
Detection of this vulnerability can be achieved through monitoring the system logs for indicators of command injection attempts, such as unexpected command execution logs or unauthorized access attempts.
AppSecure Threat Intelligence Insight
This vulnerability highlights the importance of securing network devices to prevent unauthorized access and command injection. Organizations should consider implementing robust security measures for network hardware.
Regular security assessments can identify similar vulnerabilities before they are exploited. For comprehensive guidance on securing devices, refer to our penetration testing methodology blog.
Additionally, organizations should stay informed about evolving threats in network security, as these can impact the overall security posture.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)