.. / CVE-2024-25852

Exploit for Linksys RE7000 - Command Injection (CVE-2024-25852)

Description:

Linksys RE7000 v2.0.9, v2.0.11, and v2.0.15 have a command execution vulnerability in the “AccessControlList” parameter of the access control function point

Nuclei Template

View the template here CVE-2024-25852.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-25852.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-25852
https://github.com/ZackSecurity/VulnerReport/blob/cve/Linksys/1.md
https://immense-mirror-b42.notion.site/Linksys-RE7000-command-injection-vulnerability-c1a47abf5e8d4dd0934d20d77da930bd