Lucene search

MitreCVE-2019-11535

HistoryJul 17, 2019 - 8:15 p.m.

CVE-2019-11535

2019-07-1720:15:10

CWE-77

mitre

web.nvd.nist.gov

cve-2019-11535

linksys

wifi extender

remote command execution

web interface

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.008

Percentile

81.7%

JSON

Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.

Affected configurations

Nvd

Node

linksysre6400_firmwareRange≤1.2.04.022

AND

linksysre6400Match1

Node

linksysre6300_firmwareRange≤1.2.04.022

AND

linksysre6300Match1

VendorProductVersionCPE
linksysre6400_firmware*cpe:2.3:o:linksys:re6400_firmware:*:*:*:*:*:*:*:*
linksysre64001cpe:2.3:h:linksys:re6400:1:*:*:*:*:*:*:*
linksysre6300_firmware*cpe:2.3:o:linksys:re6300_firmware:*:*:*:*:*:*:*:*
linksysre63001cpe:2.3:h:linksys:re6300:1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linksys	re6400_firmware	*	cpe:2.3:o:linksys:re6400_firmware::::::::
linksys	re6400	1	cpe:2.3:h:linksys:re6400:1:::::::*
linksys	re6300_firmware	*	cpe:2.3:o:linksys:re6300_firmware::::::::
linksys	re6300	1	cpe:2.3:h:linksys:re6300:1:::::::*

References

s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.008

Percentile

81.7%

JSON

Related for CVE-2019-11535