Command Injection Vulnerability in Belkin N300 Dual-Band Wi-Fi Range Extender
CVE-2015-5536

Currently unrated

Key Information:

Vendor: Belkin
Status: N300 Dual-band Wi-fi Range Extender Firmware
Vendor: CVE Published:; 13 August 2015

What is CVE-2015-5536?

The Belkin N300 Dual-Band Wi-Fi Range Extender is susceptible to a command injection vulnerability that may be exploited by remote authenticated users. By manipulating certain parameters such as sub_dir in formUSBStorage, pinCode in formWpsStart or formiNICWpsStart, wps_enrolee_pin in formWlanSetupWPS, and other unspecified parameters in various forms, attackers can execute arbitrary commands on the device. This flaw underscores the importance of timely updates and rigorous security measures in network devices to prevent unauthorized access and maintain integrity.

References

http://www.zerodayinitiative.com/advisories/ZDI-15-350/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-15-349/

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-15-343/

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2015
Vulnerability Reserved
Jul 16, 2015