A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_4/4.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.310780 | Permissions Required VDB Entry |
https://vuldb.com/?id.310780 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.584363 | Third Party Advisory VDB Entry |
https://www.linksys.com/ | Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
25 Jun 2025, 18:10
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:* cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:* cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:* cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:* cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:* cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:* cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:* cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:* cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:* cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:* cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:* cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:* |
|
First Time |
Linksys re6300
Linksys re9000 Linksys re6300 Firmware Linksys re6500 Firmware Linksys re9000 Firmware Linksys re6350 Linksys Linksys re7000 Linksys re6500 Linksys re6250 Firmware Linksys re6250 Linksys re6350 Firmware Linksys re7000 Firmware |
|
References | () https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_4/4.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.310780 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.310780 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.584363 - Third Party Advisory, VDB Entry | |
References | () https://www.linksys.com/ - Product | |
Summary |
|
02 Jun 2025, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-02 11:15
Updated : 2025-06-25 18:10
NVD link : CVE-2025-5441
Mitre link : CVE-2025-5441
CVE.ORG link : CVE-2025-5441
JSON object : View
Products Affected
linksys
- re9000_firmware
- re6300_firmware
- re6350_firmware
- re6250
- re6500
- re6500_firmware
- re6300
- re9000
- re6350
- re7000
- re6250_firmware
- re7000_firmware