CVE-2024-25852
published 2024-04-11CVE-2024-25852: Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point…
high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
ITWEXPLOIT
Exploited in the wild
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linksys | re7000_firmware | — | — |
| linksys | re7000_firmware | — | — |
| linksys | re7000_firmware | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck8.8HIGH