CNNVD-202508-878 Information

CNNVD ID

CNNVD-202508-878

Related CVE

CVE-2025-8818

• CNNVD Published: 2025-08-10

Description (Chinese)

Linksys RE6250等都是美国Linksys公司的产品。Linksys RE6250是一款无线扩展器。Linksys RE6500是一款无线扩展器。Linksys EA6350是一款无线路由器。 Linksys多款产品存在命令注入漏洞，该漏洞源于文件/goform/setLan中函数setDFSSetting参数lanNetmask/lanIp导致OS命令注入，可能导致远程攻击。以下产品及版本受到影响：RE6250、RE6300、RE6350、RE6500、RE7000和RE9000 20250801及之前版本。

Description (English)

Linksys RE6250 and others are products of the United States company Linksys. Linksys RE6250 is a wireless extension. Linksys RE6500 is a wireless extension. Linksys EA6350 is a wireless router. Linksys multi-products have command-injected a loophole, which arises from the lanNetmask/lanIp-injecting of OS commands in the file/goform/setLan function setDFSSetting parameter, which could lead to a long-range attack. The following products and versions were affected: RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 20250801 and earlier.

Hazard Level

High

Vulnerability Type

命令注入

Affected Vendor

Linksys

Published

2025-08-10

Last Modified

2026-02-24

References

https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md#poc https://www.linksys.com/ https://vuldb.com/?ctiid.319352 https://vuldb.com/?submit.626682 https://vuldb.com/?id.319352 https://access.redhat.com/security/cve/cve-2025-8818