CVE-2019-11535

Published: Jul 17, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.

Affected (2)

Products: Linksys: Re6400 Firmware, Re6300 Firmware

2 products

Re6400 Firmware

Re6300 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6400 Firmware	Up to 1.2.04.022

Running on/with	Platform Versions
Linksys Re6400	Version 1

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6300 Firmware	Up to 1.2.04.022

Running on/with	Platform Versions
Linksys Re6300	Version 1

Related CWEs

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt

Source: cve@mitre.org

Release NotesThird Party Advisory

http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.