CVE-2025-5444 Information

Jun 03, 2025 cve

Description

A vulnerability has been found in Linksys RE6500 RE6250 RE6300 RE6350 RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_7/7.md https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_7/7.md https://vuldb.com/?ctiid.310783 https://vuldb.com/?id.310783 https://vuldb.com/?submit.584366 https://www.linksys.com/

Share on: