Sign-up

ID

VAR-202404-2869


CVE

CVE-2024-25852


TITLE

Linksys  of  RE7000  Access control vulnerabilities in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2024-025119

DESCRIPTION

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the "AccessControlList" parameter of the access control function point. An attacker can use the vulnerability to obtain device administrator rights. Linksys of RE7000 Firmware contains an access control vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Linksys RE7000 is a wireless signal extender from Linksys, an American company

Trust: 2.16

sources: NVD: CVE-2024-25852 // JVNDB: JVNDB-2024-025119 // CNVD: CNVD-2025-02901

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-02901

AFFECTED PRODUCTS

vendor:linksysmodel:re7000scope:eqversion:2.0.15

Trust: 1.0

vendor:linksysmodel:re7000scope:eqversion:2.0.9

Trust: 1.0

vendor:linksysmodel:re7000scope:eqversion:2.0.11

Trust: 1.0

vendor:linksysmodel:re7000scope:eqversion:re7000 firmware 2.0.15

Trust: 0.8

vendor:linksysmodel:re7000scope:eqversion:re7000 firmware 2.0.11

Trust: 0.8

vendor:linksysmodel:re7000scope: - version: -

Trust: 0.8

vendor:linksysmodel:re7000scope:eqversion:re7000 firmware 2.0.9

Trust: 0.8

vendor:linksysmodel:re7000scope:eqversion: -

Trust: 0.8

vendor:linksysmodel:re7000scope:eqversion:v2.0.11

Trust: 0.6

vendor:linksysmodel:re7000scope:eqversion:v2.0.9

Trust: 0.6

vendor:linksysmodel:re7000scope:eqversion:v2.0.15

Trust: 0.6

sources: CNVD: CNVD-2025-02901 // JVNDB: JVNDB-2024-025119 // NVD: CVE-2024-25852

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-25852
value: HIGH

Trust: 1.0

OTHER: JVNDB-2024-025119
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-02901
value: HIGH

Trust: 0.6

CNVD: CNVD-2025-02901
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2024-25852
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-025119
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-02901 // JVNDB: JVNDB-2024-025119 // NVD: CVE-2024-25852

PROBLEMTYPE DATA

problemtype:CWE-284

Trust: 1.0

problemtype:Inappropriate access control (CWE-284) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-025119 // NVD: CVE-2024-25852

EXTERNAL IDS

db:NVDid:CVE-2024-25852

Trust: 3.2

db:JVNDBid:JVNDB-2024-025119

Trust: 0.8

db:CNVDid:CNVD-2025-02901

Trust: 0.6

sources: CNVD: CNVD-2025-02901 // JVNDB: JVNDB-2024-025119 // NVD: CVE-2024-25852

REFERENCES

url:https://github.com/zacksecurity/vulnerreport/blob/cve/linksys/1.md

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-25852

Trust: 1.4

url:https://immense-mirror-b42.notion.site/linksys-re7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd

Trust: 1.0

sources: CNVD: CNVD-2025-02901 // JVNDB: JVNDB-2024-025119 // NVD: CVE-2024-25852

SOURCES

db:CNVDid:CNVD-2025-02901
db:JVNDBid:JVNDB-2024-025119
db:NVDid:CVE-2024-25852

LAST UPDATE DATE

2025-06-20T23:21:01.435000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-02901date:2025-02-14T00:00:00
db:JVNDBid:JVNDB-2024-025119date:2025-06-18T01:29:00
db:NVDid:CVE-2024-25852date:2025-06-17T20:50:31.347

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-02901date:2025-02-13T00:00:00
db:JVNDBid:JVNDB-2024-025119date:2025-06-18T00:00:00
db:NVDid:CVE-2024-25852date:2024-04-11T21:15:07.980