First published: Wed Jul 17 2019(Updated: )
Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Linksys Re6400 Firmware | <=1.2.04.022 | |
Linksys Re6400 | =1 | |
Linksys Re6300 Firmware | <=1.2.04.022 | |
Linksys Re6300 | =1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-11535 is a vulnerability in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) that allows for remote command execution.
CVE-2019-11535 has a severity rating of 9.8 out of 10, which is categorized as critical.
Linksys WiFi extender products RE6400 and RE6300 through firmware version 1.2.04.022 are affected by CVE-2019-11535.
An attacker can exploit CVE-2019-11535 by accessing system OS configurations and running commands through the web interface of the affected Linksys WiFi extenders.
Yes, a fix is available. It is recommended to update the firmware of the affected Linksys WiFi extenders to a version higher than 1.2.04.022.