Description
Unsanitized user input in the web interface for Linksys WiFi extender products (RE6400 and RE6300 through 1.2.04.022) allows for remote command execution. An attacker can access system OS configurations and commands that are not intended for use beyond the web UI.
References (1)
Core References
Release Notes, Third Party Advisory x_refsource_confirm
http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/Linksys%20RE6300%20RE6400%20Firmware%20Release%20Notes_v1.2.05.001.txt
Scores
CVSS v3: 9.8
EPSS: 0.0336
EPSS Percentile: 87.5%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-77
Status: published
Products (2)
linksys/re6300_firmware: < 1.2.04.022
linksys/re6400_firmware: < 1.2.04.022
Published: Jul 17, 2019
Tracked Since: Feb 18, 2026