← Back to CVEs
CVE-2024-25852
HIGH8.8
Description
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.
CVE Details
CVSS v3.1 Score8.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorADJACENT_NETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published4/11/2024
Last Modified6/17/2025
Sourcenvd
Honeypot Sightings0
Affected Products
linksys:re7000linksys:re7000_firmware
Weaknesses (CWE)
CWE-284
References
https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd(cve@mitre.org)
https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md(af854a3a-2127-422b-91ae-364da2661108)
https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.