CVE-2024-57222 is a command injection vulnerability identified in the Linksys E7350 router firmware version 1.1.00.032. The vulnerability arises from improper sanitization of the ifname parameter within the apcli_cancel_wps function. This function is involved in cancelling WPS (Wi-Fi Protected Setup) operations, and the ifname parameter is likely used to specify interface names. An attacker who can send crafted requests to this function can inject arbitrary OS commands, leading to potential remote code execution on the device. The vulnerability is exploitable remotely over the network without requiring authentication, but it does require user interaction, possibly through triggering a specific request or interface. The CVSS v3.1 base score is 6.3, reflecting medium severity with network attack vector, low attack complexity, no privileges required, but requiring user interaction. The impact includes potential unauthorized command execution, which can compromise device confidentiality, integrity, and availability. The vulnerability is classified under CWE-77 (Improper Neutralization of Special Elements used in a Command), indicating command injection issues. No patches or known exploits have been reported as of the publication date, but the risk remains significant due to the nature of the flaw and the device's role as a network gateway.

The vulnerability allows remote attackers to execute arbitrary commands on affected Linksys E7350 routers, potentially leading to full compromise of the device. This can result in unauthorized access to network traffic, manipulation or disruption of network services, and use of the device as a pivot point for further attacks within an organization's network. Confidentiality is at risk as attackers may intercept or redirect sensitive data. Integrity can be compromised by altering device configurations or injecting malicious payloads. Availability may be impacted by causing device crashes or denial of service. Organizations relying on these routers for network connectivity, especially in small to medium business or home office environments, face increased risk of network intrusion and data breaches. The lack of authentication requirement and network accessibility increases the attack surface. Although no exploits are known in the wild yet, the vulnerability's presence in a widely deployed consumer router model could attract attackers once exploit code becomes available.

Organizations should immediately inventory their network for the presence of Linksys E7350 routers running firmware version 1.1.00.032. Until an official patch is released, mitigate risk by disabling WPS functionality if possible, as the vulnerability is tied to the apcli_cancel_wps function. Restrict network access to the router's management interfaces by implementing firewall rules or network segmentation to limit exposure to untrusted networks. Monitor router logs for unusual activity or unexpected commands. Employ network intrusion detection systems (NIDS) to detect anomalous traffic patterns targeting the ifname parameter or WPS-related functions. Regularly check Linksys security advisories for firmware updates addressing this vulnerability and apply patches promptly once available. Consider replacing vulnerable devices with models that have no known command injection issues if patching is delayed. Educate users about the risks of interacting with unsolicited network prompts or configuration requests that might trigger the vulnerability.