Linksys RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 OS Command Injection Vulnerability

A critical OS command injection vulnerability has been identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 routers, all running specific firmware versions. The vulnerability arises in the 'ssid1MACFilter' function within the '/goform/ssid1MACFilter' file. It allows remote attackers to execute arbitrary OS commands by manipulating the 'apselect_%d' and 'newap_text_%d' parameters. This exploitation is made possible through crafted requests, taking advantage of insufficient input validation that could prevent the execution of unauthorized commands.

Impact

Exploitation of this vulnerability allows for arbitrary OS command execution on the affected device.

Reproduction

To reproduce this vulnerability, send a request to the '/goform/ssid1MACFilter' endpoint, including crafted 'apselect_%d' and 'newap_text_%d' parameters. The manipulation of these parameters will trigger the OS command injection vulnerability by executing arbitrary commands on the device.