CVE-2015-5536 - Eternal Henrys

Description

Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP (6) formBSSetSitesurvey (7) formHwSet or (8) formConnectionSetting request.

Reference

http://www.belkin.com/us/support-article?articleNum=4975 http://www.zerodayinitiative.com/advisories/ZDI-15-343/ http://www.zerodayinitiative.com/advisories/ZDI-15-344/ http://www.zerodayinitiative.com/advisories/ZDI-15-346/ http://www.zerodayinitiative.com/advisories/ZDI-15-348/ http://www.zerodayinitiative.com/advisories/ZDI-15-350/ http://www.zerodayinitiative.com/advisories/ZDI-15-349/ http://www.zerodayinitiative.com/advisories/ZDI-15-351/ http://www.zerodayinitiative.com/advisories/ZDI-15-347/ http://www.securityfocus.com/bid/75978 http://www.securitytracker.com/id/1033295