CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 2CVE-2020-35713
https://notcve.org/view.php?id=CVE-2020-35713
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. Los dispositivos Belkin LINKSYS RE6500 versiones anteriores a 1.0.012.001, permiten a atacantes remotos ejecutar comandos arbitrarios o establecer una nueva contraseña por medio de metacaracteres de shell en la página goform/setSysAdm • https://github.com/Al1ex/CVE-2020-35713 https://bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-unauthenticated-rce-working-across-multiple-fw-versions https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35714
https://notcve.org/view.php?id=CVE-2020-35714
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. Los dispositivos Belkin LINKSYS RE6500 versiones anteriores a 1.0.11.001, permiten a usuarios autenticados remotos ejecutar comandos arbitrarios por medio de goform/systemCommand?command= en conjunto con el programa goform/pingstart • https://bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-unauthenticated-rce-working-across-multiple-fw-versions https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35715
https://notcve.org/view.php?id=CVE-2020-35715
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. Los dispositivos Belkin LINKSYS RE6500 versiones anteriores a 1.0.012.001, permiten a usuarios autenticados remotos ejecutar comandos arbitrarios por medio de metacaracteres de shell en un nombre de archivo a la página upload_settings.cgi • https://bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-unauthenticated-rce-working-across-multiple-fw-versions https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2020-35716
https://notcve.org/view.php?id=CVE-2020-35716
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. Los dispositivos Belkin LINKSYS RE6500 versiones anteriores a 1.0.012.001, permiten a atacantes remotos causar una denegación de servicio persistente (fallo de segmentación) por medio de un parámetro largo langSelectionOnly de /goform/langSwitch • https://bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-unauthenticated-rce-working-across-multiple-fw-versions https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html •