Busybox wget vulnerability

BusyBox project has fixed a vulnerability in BusyBox wget that may allow an attacker to execute arbitrary commands in the target system.

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It is generally used in embedded operating systems with limited resources.

Vulnerability coordination:

The vulnerability was found by Antti Levomäki, Christian Jalio, and Joonas Pihlaja from Forcepoint. NCSC-FI would like to thank Forcepoint and the BusyBox project for participating in the coordination.

  • Servers and server applications
  • Workstations and end-user applications
  • Network devices
  • Mobile communications systems
  • Embedded systems
  • Others


  • Servers and server applications
  • Embedded systems
Further information +

Attack vector

  • Remote
Further information on the access vector +


  • Execution of arbitrary commands
  • Denial-of-service attack
Further information on the impact +


  • Software update patch
Further information on the remediation +

Vulnerable software:

  • BusyBox versions prior to 1.29.0

Possible solutions and restrictive measures:

  • Update BusyBox to the latest version.

Further information:

Update history

Key words: Information security , Vulnerability coordination , Vulnerabilities

LinkedIn Print


The Finnish Communications Regulatory Authority (FICORA)

The National Cyber Security Centre Finland (NCSC-FI)

Itämerenkatu 3 A

P.O. Box 313


Media contacts by telephone +358 295 390 248