N750 Firmware
CVE-2018-1146
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access.
AnalysisAI
A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access. Affected products include: Belkin N750 Firmware. Version information: version 1.10.22.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in N750 Firmware
View allA remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today