CVE-2015-5536
Description
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
References
- http://www.belkin.com/us/support-article?articleNum=4975
- http://www.securityfocus.com/bid/75978
- http://www.securitytracker.com/id/1033295
- http://www.zerodayinitiative.com/advisories/ZDI-15-343/
- http://www.zerodayinitiative.com/advisories/ZDI-15-344/
- http://www.zerodayinitiative.com/advisories/ZDI-15-346/
- http://www.zerodayinitiative.com/advisories/ZDI-15-347/
- http://www.zerodayinitiative.com/advisories/ZDI-15-348/
- http://www.zerodayinitiative.com/advisories/ZDI-15-349/
- http://www.zerodayinitiative.com/advisories/ZDI-15-350/
- http://www.zerodayinitiative.com/advisories/ZDI-15-351/
- http://www.belkin.com/us/support-article?articleNum=4975
- http://www.securityfocus.com/bid/75978
- http://www.securitytracker.com/id/1033295
- http://www.zerodayinitiative.com/advisories/ZDI-15-343/
- http://www.zerodayinitiative.com/advisories/ZDI-15-344/
- http://www.zerodayinitiative.com/advisories/ZDI-15-346/
- http://www.zerodayinitiative.com/advisories/ZDI-15-347/
- http://www.zerodayinitiative.com/advisories/ZDI-15-348/
- http://www.zerodayinitiative.com/advisories/ZDI-15-349/
- http://www.zerodayinitiative.com/advisories/ZDI-15-350/
- http://www.zerodayinitiative.com/advisories/ZDI-15-351/
CWEs
CWE-264
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.