Vulnerability Details CVE-2015-5536
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.8%
CVSS Severity
CVSS v2 Score 9.0
References
- http://www.belkin.com/us/support-article?articleNum=4975
- http://www.securityfocus.com/bid/75978
- http://www.securitytracker.com/id/1033295
- http://www.zerodayinitiative.com/advisories/ZDI-15-343/
- http://www.zerodayinitiative.com/advisories/ZDI-15-344/
- http://www.zerodayinitiative.com/advisories/ZDI-15-346/
- http://www.zerodayinitiative.com/advisories/ZDI-15-347/
- http://www.zerodayinitiative.com/advisories/ZDI-15-348/
- http://www.zerodayinitiative.com/advisories/ZDI-15-349/
- http://www.zerodayinitiative.com/advisories/ZDI-15-350/
- http://www.zerodayinitiative.com/advisories/ZDI-15-351/
- http://www.belkin.com/us/support-article?articleNum=4975
- http://www.securityfocus.com/bid/75978
- http://www.securitytracker.com/id/1033295
- http://www.zerodayinitiative.com/advisories/ZDI-15-343/
- http://www.zerodayinitiative.com/advisories/ZDI-15-344/
- http://www.zerodayinitiative.com/advisories/ZDI-15-346/
- http://www.zerodayinitiative.com/advisories/ZDI-15-347/
- http://www.zerodayinitiative.com/advisories/ZDI-15-348/
- http://www.zerodayinitiative.com/advisories/ZDI-15-349/
- http://www.zerodayinitiative.com/advisories/ZDI-15-350/
- http://www.zerodayinitiative.com/advisories/ZDI-15-351/
Products affected by CVE-2015-5536
-
cpe:2.3:h:belkin:n300_dual-band_wi-fi_range_extender:*
-
cpe:2.3:o:belkin:n300_dual-band_wi-fi_range_extender_firmware:1.0.0