Arbitrary Code Execution Vulnerability in Linksys E2500 Router
CVE-2024-40495

8 HIGH

Key Information:

Vendor: Linksys
CVE Published: 24 July 2024

Summary

A security flaw in the Linksys E2500 router firmware, version 2.0.00, allows an authenticated attacker to exploit the hnd_parentalctrl_unblock function and potentially execute arbitrary code on the device, putting the router and the network behind it at risk. Users are advised to apply available security updates and follow best practices for router security.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
