Vulnerability CVE-2015-5536


Published: 2015-08-13

Description:
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request.

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Belkin -> N300 dual-band wi-fi range extender firmware 

 References:
http://www.belkin.com/us/support-article?articleNum=4975
http://www.securityfocus.com/bid/75978
http://www.securitytracker.com/id/1033295
http://www.zerodayinitiative.com/advisories/ZDI-15-343/
http://www.zerodayinitiative.com/advisories/ZDI-15-344/
http://www.zerodayinitiative.com/advisories/ZDI-15-346/
http://www.zerodayinitiative.com/advisories/ZDI-15-347/
http://www.zerodayinitiative.com/advisories/ZDI-15-348/
http://www.zerodayinitiative.com/advisories/ZDI-15-349/
http://www.zerodayinitiative.com/advisories/ZDI-15-350/
http://www.zerodayinitiative.com/advisories/ZDI-15-351/

Copyright 2024, cxsecurity.com

 

Back to Top