CVE-2015-5536

Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
belkinn300_dual-band_wi-fi_range_extender_firmware
1.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.belkin.com/us/support-article?articleNum=4975
http://www.securityfocus.com/bid/75978
http://www.securitytracker.com/id/1033295
http://www.zerodayinitiative.com/advisories/ZDI-15-343/
http://www.zerodayinitiative.com/advisories/ZDI-15-344/
http://www.zerodayinitiative.com/advisories/ZDI-15-346/
http://www.zerodayinitiative.com/advisories/ZDI-15-347/
http://www.zerodayinitiative.com/advisories/ZDI-15-348/
http://www.zerodayinitiative.com/advisories/ZDI-15-349/
http://www.zerodayinitiative.com/advisories/ZDI-15-350/
http://www.zerodayinitiative.com/advisories/ZDI-15-351/
http://www.belkin.com/us/support-article?articleNum=4975
http://www.securityfocus.com/bid/75978
http://www.securitytracker.com/id/1033295
http://www.zerodayinitiative.com/advisories/ZDI-15-343/
http://www.zerodayinitiative.com/advisories/ZDI-15-344/
http://www.zerodayinitiative.com/advisories/ZDI-15-346/
http://www.zerodayinitiative.com/advisories/ZDI-15-347/
http://www.zerodayinitiative.com/advisories/ZDI-15-348/
http://www.zerodayinitiative.com/advisories/ZDI-15-349/
http://www.zerodayinitiative.com/advisories/ZDI-15-350/
http://www.zerodayinitiative.com/advisories/ZDI-15-351/