A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.

The remote Belkin router is affected by a remote command injection vulnerability due to improper sanitization of user-supplied input.
An unauthenticated, remote attacker can exploit this, via a specially crafted URL, to execute arbitrary commands on the device.

Note that Nessus has detected this vulnerability by reading the contents of file /proc/cpuinfo

Detections

Analytics

CVE-2018-1144

critical

Tenable Plugins

critical