RCE in Linksys Re6300
CVE-2019-11535
Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended f…
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.051 (91.2th percentile)
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Linksys Re6300 — versions 1
- Linksys Re6300_firmware
- Linksys Re6400 — versions 1
- Linksys Re6400_firmware
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_CONFIRM, Third Party Advisory, Release Notes)
Frequently asked questions
- What is CVE-2019-11535?
  CVE-2019-11535 is a critical-severity vulnerability in Linksys Re6300, classified under Command Injection. CVSS score: 9.8/10. Published 2019-07-17.
- How severe is CVE-2019-11535?
  Critical severity. CVSS v3 base score is 9.8 out of 10.