← Retour aux CVEs
CVE-2024-25852
HIGH8.8
Description
Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueADJACENT_NETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie4/11/2024
Derniere modification6/17/2025
Sourcenvd
Observations honeypot0
Produits affectes
linksys:re7000linksys:re7000_firmware
Faiblesses (CWE)
CWE-284
References
https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd(cve@mitre.org)
https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md(af854a3a-2127-422b-91ae-364da2661108)
https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.