CVE-2015-5536 : Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows r

Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request.

Published 2015-08-13 14:59:09

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2015-5536

Belkin » N300 Dual-band Wi-fi Range Extender Firmware » Version: 1.0.0
cpe:2.3:o:belkin:n300_dual-band_wi-fi_range_extender_firmware:1.0.0:*:*:*:*:*:*:*
Matching versions
When used together with: Belkin » N300 Dual-band Wi-fi Range Extender

Exploit prediction scoring system (EPSS) score for CVE-2015-5536

EPSS FAQ

3.35%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-5536

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-5536

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-5536

http://www.zerodayinitiative.com/advisories/ZDI-15-344/

ZDI-15-344 | Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-15-346/

ZDI-15-346 | Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-15-350/

ZDI-15-350 | Zero Day Initiative
http://www.securityfocus.com/bid/75978

Belkin N300 Dual-Band Wi-Fi Range Extender Multiple Remote Code Execution Vulnerabilities
http://www.zerodayinitiative.com/advisories/ZDI-15-348/

ZDI-15-348 | Zero Day Initiative
http://www.belkin.com/us/support-article?articleNum=4975

Belkin Official Support - F9K1111 Downloads
Patch
http://www.zerodayinitiative.com/advisories/ZDI-15-343/

ZDI-15-343 | Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-15-347/

ZDI-15-347 | Zero Day Initiative
http://www.zerodayinitiative.com/advisories/ZDI-15-349/

ZDI-15-349 | Zero Day Initiative
http://www.securitytracker.com/id/1033295

Belkin N300 Dual-Band Wi-Fi Range Extender Flaw Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System - SecurityTracker
http://www.zerodayinitiative.com/advisories/ZDI-15-351/

ZDI-15-351 | Zero Day Initiative

Jump to

Vulnerability Details : CVE-2015-5536

Products affected by CVE-2015-5536

Exploit prediction scoring system (EPSS) score for CVE-2015-5536

CVSS scores for CVE-2015-5536

CWE ids for CVE-2015-5536

References for CVE-2015-5536