CVE-2019-11535
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.
Una entrada de usuario no saneada en la interfaz web para los productos extensores de WiFi de Linksys (RE6400 y RE6300 hasta versiĆ³n 1.2.04.022), permite la ejecuciĆ³n de comandos remota. Un atacante puede acceder a las configuraciones del sistema operativo del sistema y a los comandos que no fueron destinados para su uso fuera de la interfaz de usuario web.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-04-25 CVE Reserved
- 2019-07-17 CVE Published
- 2023-08-26 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linksys Search vendor "Linksys" | Re6400 Firmware Search vendor "Linksys" for product "Re6400 Firmware" | <= 1.2.04.022 Search vendor "Linksys" for product "Re6400 Firmware" and version " <= 1.2.04.022" | - |
Affected
| in | Linksys Search vendor "Linksys" | Re6400 Search vendor "Linksys" for product "Re6400" | 1 Search vendor "Linksys" for product "Re6400" and version "1" | - |
Safe
|
| Linksys Search vendor "Linksys" | Re6300 Firmware Search vendor "Linksys" for product "Re6300 Firmware" | <= 1.2.04.022 Search vendor "Linksys" for product "Re6300 Firmware" and version " <= 1.2.04.022" | - |
Affected
| in | Linksys Search vendor "Linksys" | Re6300 Search vendor "Linksys" for product "Re6300" | 1 Search vendor "Linksys" for product "Re6300" and version "1" | - |
Safe
|