CVE-2019-11535

{"id": "CVE-2019-11535", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-07-17T20:15:10.897", "references": [{"url": "http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI."}, {"lang": "es", "value": "Una entrada de usuario no saneada en la interfaz web para los productos extensores de WiFi de Linksys (RE6400 y RE6300 hasta versi\u00f3n 1.2.04.022), permite la ejecuci\u00f3n de comandos remota. Un atacante puede acceder a las configuraciones del sistema operativo del sistema y a los comandos que no fueron destinados para su uso fuera de la interfaz de usuario web."}], "lastModified": "2020-08-24T17:37:01.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linksys:re6400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DF60203-25C2-4CC9-A052-224816459F25", "versionEndIncluding": "1.2.04.022"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:linksys:re6400:1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21D1A8F3-A23D-4655-9AD0-DBCC2B29B6FD"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linksys:re6300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "704816A7-8E47-421F-BC1C-56EC8441D9C1", "versionEndIncluding": "1.2.04.022"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:linksys:re6300:1:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "59B144B4-E40D-466B-973C-02465113B402"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}