Vulnerability Details CVE-2024-25852
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.927
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 8.8
References
- https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md
- https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd
- https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md
- https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd
Products affected by CVE-2024-25852
-
cpe:2.3:h:linksys:re7000:-
-
cpe:2.3:o:linksys:re7000_firmware:2.0.11
-
cpe:2.3:o:linksys:re7000_firmware:2.0.15
-
cpe:2.3:o:linksys:re7000_firmware:2.0.9