A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
Link | Resource |
---|---|
https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_9/9.md | Exploit Third Party Advisory |
https://vuldb.com/?ctiid.310785 | Permissions Required VDB Entry |
https://vuldb.com/?id.310785 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.584368 | Third Party Advisory VDB Entry |
https://www.linksys.com/ | Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
25 Jun 2025, 17:24
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
First Time |
Linksys re6300
Linksys re9000 Linksys re6300 Firmware Linksys re6500 Firmware Linksys re9000 Firmware Linksys re6350 Linksys Linksys re7000 Linksys re6500 Linksys re6250 Firmware Linksys re6250 Linksys re6350 Firmware Linksys re7000 Firmware |
|
CPE | cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:* cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:* cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:* cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:* cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:* cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:* cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:* cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:* cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:* cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:* cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:* cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:* |
|
References | () https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_9/9.md - Exploit, Third Party Advisory | |
References | () https://vuldb.com/?ctiid.310785 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.310785 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.584368 - Third Party Advisory, VDB Entry | |
References | () https://www.linksys.com/ - Product |
02 Jun 2025, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-06-02 13:15
Updated : 2025-06-25 17:24
NVD link : CVE-2025-5446
Mitre link : CVE-2025-5446
CVE.ORG link : CVE-2025-5446
JSON object : View
Products Affected
linksys
- re9000_firmware
- re6300_firmware
- re6350_firmware
- re6250
- re6500
- re6500_firmware
- re6300
- re9000
- re6350
- re7000
- re6250_firmware
- re7000_firmware