Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-35713OS Command Injection in Linksys Re6500 Firmware

CWE-78OS Command Injection5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
93.6%
top 0.16%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Linksys Re6500 Firmware
Timeline
PublishedDec 26
Latest updateMay 24

Description

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDlinksys/re6500_firmware< 1.0.012.001

🔴Vulnerability Details

3
GHSA
GHSA-8r9p-9pp7-xxpc: Belkin LINKSYS RE6500 devices before 12022-05-24
CVEList
CVE-2020-35713: Belkin LINKSYS RE6500 devices before 12020-12-26
VulnCheck
linksys re6500_firmware Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')2020

💥Exploits & PoCs

1
Nuclei
Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution
CVE-2020-35713 — OS Command Injection in Linksys | cvebase