Skip to main content

E1200 Firmware CVE-2018-3953

HIGH
OS Command Injection (CWE-78)
2018-10-17 talos-cna@cisco.com
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 17, 2018 - 02:29 nvd
HIGH 7.2

DescriptionNVD

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed.

AnalysisAI

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed. Affected products include: Linksys E1200 Firmware, Linksys E2500 Firmware. Version information: Version 2.0.09.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2022-38555 CRITICAL POC
9.8 Aug 28

Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. Rated critical severity (CVSS 9.8), thi

CVE-2025-60691 HIGH POC
8.8 Nov 13

A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.

CVE-2025-60690 HIGH POC
8.8 Nov 13

A stack-based buffer overflow vulnerability exists in the Linksys E1200 v2 router firmware that allows remote attackers

CVE-2025-60694 HIGH POC
7.5 Nov 13

A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 route

CVE-2025-60692 HIGH POC
8.4 Nov 13

A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmwa

CVE-2018-3955 HIGH POC
7.2 Oct 17

An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware

CVE-2018-3954 HIGH POC
7.2 Oct 17

Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version

CVE-2025-60693 MEDIUM POC
6.5 Nov 13

A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firm

CVE-2025-60689 MEDIUM POC
5.4 Nov 13

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200

Share

CVE-2018-3953 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy