Lucene search

[email protected]NVD:CVE-2024-36821

HistoryJun 11, 2024 - 6:15 p.m.

CVE-2024-36821

2024-06-1118:15:13

CWE-379

CWE-732

[email protected]

web.nvd.nist.gov

insecure permissions

linksys velop

wifi 5

privilege escalation

directory traversal

cve-2024-36821

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.3%

JSON

Insecure permissions in Linksys Velop WiFi 5 (WHW01v1) 1.1.13.202617 allows attackers to escalate privileges from Guest to root.

Affected configurations

Nvd

Node

linksysvelop_whw0101_firmwareMatch1.1.13.202617

AND

linksysvelop_whw0101Match-

VendorProductVersionCPE
linksysvelop_whw0101_firmware1.1.13.202617cpe:2.3:o:linksys:velop_whw0101_firmware:1.1.13.202617:*:*:*:*:*:*:*
linksysvelop_whw0101-cpe:2.3:h:linksys:velop_whw0101:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linksys	velop_whw0101_firmware	1.1.13.202617	cpe:2.3:o:linksys:velop_whw0101_firmware:1.1.13.202617:::::::*
linksys	velop_whw0101	-	cpe:2.3:h:linksys:velop_whw0101:-:::::::*

References

downloads.linksys.com/support/assets/releasenotes/WHW01_VLP01_1.1.13.202617_Customer_Release_Notes.txt

github.com/IvanGlinkin/CVE-2024-36821

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.3%

JSON

Related for NVD:CVE-2024-36821

cvelist1 vulnrichment1 cve1