CVE-2019-11535: Command Injection in Linksys RE6300 Firmware

CWE-77: Command Injection | 3 documents | 3 sources
Severity: 9.8 CRITICAL (NVD)
EPSS: 3.4% (top 12.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 17
Latest update: May 24

Description

Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

NVD: linksys/re6300_firmware 1.2.04.022
NVD: linksys/re6400_firmware 1.2.04.022

Vulnerability Details (2)

GHSA (2022-05-24)
GHSA-3vqc-45v8-242h: Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1
CVEList (2019-07-17)
CVE-2019-11535: Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1