CVE-2024-25852 Information

Description

Linksys RE7000 v2.0.9 v2.0.11 and v2.0.15 have a command execution vulnerability in the \AccessControlList\ parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights.

Reference

https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md