CVE-2020-35713: OS Command Injection
First published: Sat Dec 26 2020(Updated: )
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linksys Re6500 Firmware | <1.0.012.001 | |
| LINKSYS RE6500 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-unauthenticated-rce-working-across-multiple-fw-versions
- https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt
- https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-35713.
What is the severity of CVE-2020-35713?
The severity of CVE-2020-35713 is critical.
How does CVE-2020-35713 affect Belkin LINKSYS RE6500 devices?
CVE-2020-35713 allows remote attackers to execute arbitrary commands or set a new password on Belkin LINKSYS RE6500 devices.
What is the affected software version of Belkin LINKSYS RE6500 devices?
The affected software version of Belkin LINKSYS RE6500 devices is 1.0.012.001.
How can I fix CVE-2020-35713?
To fix CVE-2020-35713, update your Belkin LINKSYS RE6500 device firmware to version 1.0.012.001 or above.
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/linksys
- canonical/linksys re6500 firmware
- canonical/linksys re6500