Full title: Linksys E1500/E2500 apply.cgi Remote Command Injection Vulnerability 
Category: remote exploits
Platform: hardware
Some Linksys Routers are vulnerable to an authenticated OS command injection. Default credentials for the web interface are admin/admin or admin/password. Since it is a blind os command injection vulnerability, there is no output for the executed command when using the cmd generic payload. A ping command against a controlled system could be used for testing purposes.

# 0day.today @ http://0day.today/