CVE-2024-25852

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-25852
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md
https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd
https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md
https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd
Configurations

No configuration.

History

21 Nov 2024, 09:01

Type Values Removed Values Added
References () https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md - () https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md -
References () https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd - () https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd -

14 Aug 2024, 20:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CWE CWE-284

12 Apr 2024, 12:43

Type Values Removed Values Added
Summary
  • (es) Linksys RE7000 v2.0.9, v2.0.11 y v2.0.15 tienen una vulnerabilidad de ejecución de comandos en el parámetro "AccessControlList" del punto de función de control de acceso. Un atacante puede utilizar la vulnerabilidad para obtener derechos de administrador del dispositivo.

11 Apr 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-11 21:15

Updated : 2024-11-21 09:01

NVD link : CVE-2024-25852

Mitre link : CVE-2024-25852

CVE.ORG link : CVE-2024-25852

JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024