What is CVE-2020-35713?

CVE-2020-35713 is a vulnerability in N/a. Published 2020-12-26.

Is CVE-2020-35713 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-35713

Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.

EPSS: 0.936 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

Al1ex/CVE-2020-35713
20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
developer3000S/PoC-in-GitHub
nomi-sec/PoC-in-GitHub

References

resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html (x_refsource_MISC)
downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1… (x_refsource_MISC)
bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-un… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-35713?: CVE-2020-35713 is a vulnerability in N/a. Published 2020-12-26.
Is CVE-2020-35713 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.