RCE in Linksys RE6300

CVE-2019-11535

Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended f…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.051 (91.2nd percentile).

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

References

  • cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory, Release Notes)

Frequently asked questions

What is CVE-2019-11535?
CVE-2019-11535 is a critical-severity vulnerability in Linksys RE6300, classified under Command Injection. CVSS score: 9.8/10. Published 2019-07-17.

How severe is CVE-2019-11535?
Critical severity. CVSS v3 base score is 9.8 out of 10.