CVE-2025-34037 Information

Description

An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization allowing unauthenticated attackers to inject shell commands. This vulnerability is exploited in the wild by the \TheMoon\ worm to deploy a MIPS ELF payload enabling arbitrary code execution on the router. This vulnerability may affect other Linksys products to include but not limited to WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers.

Reference

https://isc.sans.edu/diary/17633 https://vulncheck.com/advisories/linksys-routers-command-injection https://www.exploit-db.com/exploits/31683

Related CNNVD

CNNVD-202506-3022 (Published: 2025-06-24)