Unauthenticated remote command execution on Cisco Linksys x2000 routers

Posted by Lorenzo Pistone on Nov 02

Hello,
I have found on my router, a Linksys X2000, that there is poor
validation of the IP target in the ping diagnostics web page
(http://$router_ip/Diagnostics.asp). This can be used to execute
arbitrary commands as the root user on the device. It appears that there
is no need for authentication to exploit the flaw, so this is
exploitable from the WAN if the administrator has activated remote
management from the web UI.

The web interface…
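The bug class the post describes (a diagnostics page splicing a user-supplied ping target into a command run with the web server's privileges) is illustrated below. This is an added example, not code from Lorenzo Pistone's post and not Linksys firmware; the function names, the argv layout and the payload strings are constructed for illustration and make no claim about how the X2000's CGI is actually written. The unsafe builder shows why shell metacharacters in the target survive into a command line; the safe path validates the target as a literal IPv4 address with inet_pton() and execs ping with a fixed argv so no shell ever parses the input.

```c
/* Added example (not from the advisory or the vendor firmware).
 * Constructed names and payloads throughout. */
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define CMD_MAX 256

/* Vulnerable pattern: the target is formatted straight into a shell
 * command line that a CGI would then hand to system() or popen().
 * A target such as "8.8.8.8; id" ends the ping command and runs a
 * second command with the web server's privileges (root on many
 * routers). Returns 0 on success, -1 if the buffer is too small. */
int build_ping_cmd_unsafe(const char *target, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "ping -c 4 %s", target);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Hardened check: accept only a dotted-quad IPv4 literal that
 * inet_pton() parses completely and that round-trips through
 * inet_ntop() unchanged (rejects anything but canonical spelling).
 * Hostnames are deliberately rejected here; a real UI would resolve
 * them separately with getaddrinfo() rather than pass them to a shell. */
int is_ipv4_literal(const char *target)
{
    struct in_addr addr;
    char canon[INET_ADDRSTRLEN];

    if (target == NULL || target[0] == '\0' ||
        strlen(target) >= INET_ADDRSTRLEN)
        return 0;
    if (inet_pton(AF_INET, target, &addr) != 1)
        return 0;
    if (inet_ntop(AF_INET, &addr, canon, sizeof canon) == NULL)
        return 0;
    return strcmp(canon, target) == 0;
}

/* Hardened builder: validate first, then fill a fixed argv for execvp()
 * so the user input is one argument and never shell-interpreted.
 * Needs room for 5 entries (4 args + NULL). Returns 0 or -1. */
int build_ping_argv_safe(const char *target, const char **argv,
                         size_t argc_max)
{
    if (argc_max < 5 || !is_ipv4_literal(target))
        return -1;
    argv[0] = "ping";
    argv[1] = "-c";
    argv[2] = "4";
    argv[3] = target;
    argv[4] = NULL;
    return 0;
}

/* Stand-alone driver: ./a.out <target>. Rejected targets exit 1;
 * accepted ones are handed to execvp() with no shell involved. */
int main(int argc, char **argv)
{
    const char *target = argc > 1 ? argv[1] : "192.168.1.1; id";
    const char *pargv[8];

    if (build_ping_argv_safe(target, pargv, 8) != 0) {
        fprintf(stderr, "rejected target: %s\n", target);
        return 1;
    }
    execvp(pargv[0], (char *const *)pargv);
    perror("execvp");
    return 1;
}
```

The important design point is the second half: validation alone is fragile if the validated string still ends up in a shell command, and an argv-based exec alone still lets a user pick arbitrary ping options if the target is not constrained. Doing both keeps the target to a single, known-shaped argument.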