CVE-2019-11535

critical

Description

Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.

References

http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt

Details

Source: Mitre, NVD

Published: 2019-07-17

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03363