Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-11535

Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.

Published

2019-07-17T20:15:10.897

Last Modified

2024-11-21T04:21:17.377

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linksys	re6400_firmware	≤ 1.2.04.022	Yes
Hardware	linksys	re6400	1	No
Operating System	linksys	re6300_firmware	≤ 1.2.04.022	Yes
Hardware	linksys	re6300	1	No

References

http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt Release Notes, Third Party Advisory ([email protected])
http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)