8.8

CVE-2024-25852

Exploit
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinksysRe7000 Firmware Version2.0.9
   LinksysRe7000 Version-
LinksysRe7000 Firmware Version2.0.11
   LinksysRe7000 Version-
LinksysRe7000 Firmware Version2.0.15
   LinksysRe7000 Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16.52% 0.966
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md
Exploit
https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd
Broken Link