A high-severity vulnerability has been identified in multiple Linksys Wi-Fi extender products, allowing an unauthenticated attacker on the local network to take complete control of affected devices. Successful exploitation could lead to network traffic interception, unauthorized access to the internal network, and deployment of malware, posing a significant risk to network integrity and data confidentiality.

This vulnerability is an unauthenticated remote command injection flaw in the web-based management interface of the affected devices. An attacker on the same network segment can send a specially crafted HTTP request to a specific endpoint on the device's web server. Due to insufficient input sanitization, this request can inject and execute arbitrary operating system commands with root-level privileges, granting the attacker full administrative control over the device.

This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation of this flaw could have a severe impact on business operations. An attacker could compromise the Wi-Fi extender to eavesdrop on network traffic, redirect users to malicious websites, or use the device as a pivot point to launch further attacks against other systems on the internal corporate network. The complete compromise of these network devices could lead to significant data breaches, network outages, and reputational damage.

Immediate Action: The primary remediation is to apply the security updates provided by Linksys to all affected devices immediately. Prioritize patching devices in sensitive network locations. After patching, review device access logs and system logs for any signs of compromise or unauthorized activity that may have occurred before the patch was applied.

Proactive Monitoring: Monitor network traffic for unusual outbound connections originating from the Linksys devices. Review web server logs on the devices for suspicious HTTP requests containing shell metacharacters (e.g., ;, |, &&, $()). Implement alerts for unexpected reboots or high CPU usage on these devices, which could indicate malicious activity.

Compensating Controls: If immediate patching is not feasible, restrict access to the device's web management interface to a dedicated and trusted administrative VLAN or specific IP addresses. If the management interface must be accessible, consider placing a Web Application Firewall (WAF) in front of it with rules designed to block command injection attempts. Ensure these devices are not directly exposed to the internet.

Public Exploit Available: false

Given the high CVSS score of 8.8, this vulnerability represents a critical risk to the network infrastructure. We strongly recommend that organizations identify all affected Linksys devices and apply the vendor-supplied patches on an emergency basis. Although this CVE is not currently on the CISA KEV list, its severity makes it a prime candidate for future inclusion, and proactive remediation is essential to prevent potential compromise of the network.