Linksys Command Injection Vulnerability in RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 Routers

Vulnerability

A critical command injection vulnerability has been identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 routers, all running specific firmware versions. The vulnerability resides in the 'RP_checkFWByBBS' function of the '/goform/RP_checkFWByBBS' file. It allows remote attackers to execute arbitrary operating system commands by manipulating various input parameters. The issue has been publicly disclosed and could be exploited remotely.

Impact

Exploitation of this vulnerability leads to unauthorized execution of operating system commands on the affected router.

Reproduction

To reproduce this vulnerability, send a POST request to the '/goform/RP_checkFWByBBS' endpoint and include the 'type' parameter with a crafted command, such as one that starts a telnet server. The router executes the command, giving shell access through the specified port.
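
A detection-side counterpart to the request described above, as an added example that is not part of the original advisory: it flags POSTs to the endpoint whose form fields contain shell metacharacters after URL decoding. The field name `other`, the placeholder values, and the assumption that legitimate field values never contain these characters are not from the advisory.

```python
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/RP_checkFWByBBS"  # endpoint named in the advisory
# Characters a shell treats as separators, substitution or redirection.
# Assumption: legitimate values for this form never contain them.
SHELL_META = set(";|&$`<>()\n\r")


def suspicious_params(method, url, body):
    """Return [(name, value)] for form fields carrying shell metacharacters
    in a POST to the endpoint; [] for any other request."""
    if method.upper() != "POST":
        return []
    if urlsplit(url).path.rstrip("/") != ENDPOINT:
        return []
    hits = []
    # parse_qsl splits on '&' first and percent-decodes afterwards, so an
    # encoded %3B or %60 appears as a literal metacharacter in the value.
    for name, value in parse_qsl(body, keep_blank_values=True, separator="&"):
        if SHELL_META & set(value):
            hits.append((name, value))
    return hits


# Constructed sample requests (not captured traffic). PLACEHOLDER_CMD stands
# in for whatever an attacker would inject; "other" is a hypothetical field.
SAMPLES = [
    ("POST", "/goform/RP_checkFWByBBS", "type=1&other=2"),
    ("POST", "/goform/RP_checkFWByBBS", "type=%3BPLACEHOLDER_CMD%3B&other=2"),
    ("POST", "/goform/RP_checkFWByBBS?x=1", "type=1&other=%60PLACEHOLDER_CMD%60"),
    ("GET", "/goform/RP_checkFWByBBS", ""),
    ("POST", "/goform/other", "type=%3BPLACEHOLDER_CMD"),
]


def scan(samples):
    """Return [(index, hits)] for every sample that has at least one hit."""
    results = []
    for i, (method, url, body) in enumerate(samples):
        hits = suspicious_params(method, url, body)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    for idx, hits in scan(SAMPLES):
        print(f"request {idx}: {hits}")
```

Every field is checked rather than only 'type', because the advisory says the injection is reachable through various input parameters.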

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 10.0
exploitability: 6.2
remediation: 6.0
relevance: 0.1
threat: 6.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.