** UNSUPPORTED WHEN ASSIGNED ** The administration web interface on Belkin Linksys WRT160NL devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Leave a comment