Published: 26/12/2020 Updated: 28/12/2020

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Belkin LINKSYS RE6500 devices prior to 1.0.012.001 allow remote malicious users to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linksys re6500_firmware

CVE-2020-35713

Description Belkin LINKSYS RE6500 devices before 10012001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page How to use Step 1: Modify the IP address in cve-2020-35713py file to the target address Step 2: Run the cve-2020-35713py to change the password Step 3: login test

CWE-78 https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt https://bugcrowd.com/disclosures/72d7246b-f77f-4f7f-9bd1-fdc35663cc92/linksys-re6500-unauthenticated-rce-working-across-multiple-fw-versions https://nvd.nist.gov https://github.com/Al1ex/CVE-2020-35713

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-35713

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect