Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.
References
Link | Resource |
---|---|
http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt | Release Notes Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-07-17 20:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-11535
Mitre link : CVE-2019-11535
CVE.ORG link : CVE-2019-11535
JSON object : View
Products Affected
linksys
- re6300
- re6300_firmware
- re6400
- re6400_firmware
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')