⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2024-25852: Improper Access Control in Linksys Re7000 Firmware

Severity
8.8 HIGH (NVD)
EPSS
93.0%
top 0.21%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published Apr 11

Description

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages: 1 package

NVD: linksys/re7000_firmware 2.0.11, 2.0.15, 2.0.9 +2

🔴 Vulnerability Details

3
GHSA
GHSA-p5q9-4vg3-6x89: Linksys RE7000 v2 (2024-04-11)
CVEList
CVE-2024-25852: Linksys RE7000 v2 (2024-04-11)
VulnCheck
Linksys RE7000 AccessControlList Vulnerability (2024)

💥 Exploits & PoCs

1
Nuclei
Linksys RE7000 - Command Injection