Vulnerability Description
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linksys | RE7000 Firmware | 2.0.9 |
| Linksys | RE7000 | - |
Related Weaknesses (CWE)
References
- https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md (Exploit)
- https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerab (Broken Link)
FAQ
What is CVE-2024-25852?
CVE-2024-25852 is a vulnerability with a CVSS score of 8.8 (HIGH). Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to o...
How severe is CVE-2024-25852?
CVE-2024-25852 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-25852?
Check the references section above for vendor advisories and patch information. Affected products include: Linksys RE7000 Firmware, Linksys RE7000.