Skip to main content

E5600 Firmware CVE-2024-33788

HIGH
Command Injection (CWE-77)
2024-05-06 cve@mitre.org
8.0
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
8.0 HIGH
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 06, 2024 - 13:15 cve.org
HIGH 8.0

DescriptionCVE.org

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint.

AnalysisAI

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. Affected products include: Linksys E5600 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2025-45491 CRITICAL POC
9.8 May 06

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS fun

CVE-2025-45488 CRITICAL POC
9.8 May 06

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS fun

CVE-2025-45487 CRITICAL POC
9.8 May 06

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection fu

CVE-2025-45490 CRITICAL POC
9.8 May 06

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS fun

CVE-2025-45489 CRITICAL POC
9.8 May 06

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS fun

CVE-2024-33789 CRITICAL POC
9.8 May 03

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info

CVE-2025-29230 HIGH
8.6 Mar 21

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. Ra

CVE-2025-29227 MEDIUM
6.3 Mar 21

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtim

CVE-2025-29226 MEDIUM
6.3 Mar 21

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtim

CVE-2025-29223 MEDIUM
6.3 Mar 21

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRou

CVE-2025-9146 HIGH POC
7.5 Aug 19

A flaw has been found in Linksys E5600 1.1.0.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploita

CVE-2025-22997 MEDIUM POC
4.8 Jan 15

A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. Rated

Share

CVE-2024-33788 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy