CVE-2022-24372 β€” Link Following in Linksys Mr9600 Firmware

CWE-59 β€” Link Following3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 80.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Linksys Mr9600 Firmware
Timeline
PublishedApr 27
Latest updateApr 28

Description

Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages1 packages

β–ΆNVDlinksys/mr9600_firmware< 2.0.5

πŸ”΄Vulnerability Details

2
GHSA
GHSA-2vfm-65cj-5j48: Linksys MR9600 devices before 2β†—2022-04-28
β–Ά
CVEList
CVE-2022-24372: Linksys MR9600 devices before 2β†—2022-04-27
β–Ά
CVE-2022-24372 β€” Link Following in Linksys | cvebase