Re-Solver

**Name of the Vulnerable Software and Affected Versions** Belkin LINKSYS RE6500 versions prior to 1.0.012.001 **Description** The issue allows remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the "goform/setSysAdm" page. This can be exploited by sending malicious input to this specific endpoint. **Recommendations** For versions prior to 1.0.012.001, update to version 1.0.012.001 or later to resolve the issue. As a temporary workaround, consider restricting access to the "goform/setSysAdm" page to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Belkin LINKSYS RE6500 versions prior to 1.0.11.001 **Description** The issue allows remote authenticated users to execute arbitrary commands via the "goform/systemCommand?command=" endpoint in conjunction with the "goform/pingstart" program. This can be exploited by sending a malicious request to the "/goform/systemCommand?command=" endpoint. **Recommendations** For versions prior to 1.0.11.001, update to version 1.0.11.001 or later to resolve the issue. As a temporary workaround, consider restricting access to the "goform/systemCommand" endpoint and the "goform/pingstart" program until a patch is applied. Avoid using the `command` variable in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Belkin LINKSYS RE6500 versions prior to 1.0.012.001 **Description** The issue allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the "upload settings.cgi" page. **Recommendations** For versions prior to 1.0.012.001, update to version 1.0.012.001 or later to resolve the issue. As a temporary workaround, consider restricting access to the "upload settings.cgi" page until a patch is available. Avoid using shell metacharacters in filenames for the upload settings.cgi page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Belkin LINKSYS RE6500 versions prior to 1.0.012.001 **Description** The issue allows remote attackers to cause a persistent denial of service, resulting in a segmentation fault. This can be achieved by sending a long `langSelectionOnly` parameter via the "/goform/langSwitch" API endpoint. **Recommendations** For versions prior to 1.0.012.001, update to version 1.0.012.001 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/goform/langSwitch" API endpoint to minimize the risk of exploitation. Avoid using the `langSelectionOnly` parameter in the affected API endpoint until the issue is resolved.