What is CVE-2024-25852?

CVE-2024-25852 is a vulnerability in N/a. Published 2024-04-11.

Is CVE-2024-25852 known to be exploited?

24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2024-25852

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.

EPSS: 0.930 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

0day404/HV-2024-POC
12442RF/POC
20142995/nuclei-templates
AboSteam/POPC
DMW11525708/wiki
Lern0n/Lernon-POC
Linxloop/fork_
Warren-Jace/poc-doc
WhosGa/MyWiki
Yuan08o/pocs

References

immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c…
github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md

Frequently asked questions

What is CVE-2024-25852?: CVE-2024-25852 is a vulnerability in N/a. Published 2024-04-11.
Is CVE-2024-25852 known to be exploited?: 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.