PT-2015-6979 · Belkin · Belkin N300 Dual-Band Wi-Fi Range Extender

Elvis Collado · Published 2015-07-20 · Updated 2016-12-24 · CVE-2015-5536

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Belkin N300 Dual-Band Wi-Fi Range Extender versions prior to 1.04.10

Description

The issue allows remote authenticated users to execute arbitrary commands via parameters in several requests. Specifically, it affects the sub_dir parameter in a "formUSBStorage" request, the pinCode parameter in "formWpsStart" or "formiNICWpsStart" requests, the wps_enrolee_pin parameter in a "formWlanSetupWPS" request, and unspecified parameters in "formWlanMP", "formBSSetSitesurvey", "formHwSet", or "formConnectionSetting" requests.

Recommendations

For versions prior to 1.04.10, update the firmware to version 1.04.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints ("formUSBStorage", "formWpsStart", "formiNICWpsStart", "formWlanSetupWPS", "formWlanMP", "formBSSetSitesurvey", "formHwSet", and "formConnectionSetting") until the firmware can be updated. Avoid using the sub_dir, pinCode, and wps_enrolee_pin parameters in the affected requests until the issue is resolved.

Related Identifiers

CVE-2015-5536
ZDI-15-343
ZDI-15-344
ZDI-15-345
ZDI-15-346
ZDI-15-347
ZDI-15-348
ZDI-15-349
ZDI-15-350
ZDI-15-351

Affected Products

Belkin N300 Dual-Band Wi-Fi Range Extender