CVE-2019-11535
Published Jul 17, 2019
Last updated 4 years ago
Overview
- Description
- Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-77
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6400_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DF60203-25C2-4CC9-A052-224816459F25",
"versionEndIncluding": "1.2.04.022"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6400:1:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "21D1A8F3-A23D-4655-9AD0-DBCC2B29B6FD"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "704816A7-8E47-421F-BC1C-56EC8441D9C1",
"versionEndIncluding": "1.2.04.022"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:1:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "59B144B4-E40D-466B-973C-02465113B402"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]