CVE-2023-41029

Summary

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint.

Affected Software

VendorProductVersion RangeStatus
JuplinkRX4-1500V1.0.2 <= V1.0.5affected

Weaknesses

  • CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References