CVE-2025-5446

Published: Jun 2, 2025Modified: Jun 25, 2025

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (6)

Products: Linksys: Re9000 Firmware, Re6250 Firmware, Re6300 Firmware, Re6350 Firmware, Re7000 Firmware, Re6500 Firmware

6 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re9000 Firmware	Version 1.0.04.002

Running on/with	Platform Versions
Linksys Re9000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6250 Firmware	Version 1.0.04.001

Running on/with	Platform Versions
Linksys Re6250	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6300 Firmware	Version 1.2.07.001

Running on/with	Platform Versions
Linksys Re6300	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6350 Firmware	Version 1.0.04.001

Running on/with	Platform Versions
Linksys Re6350	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re7000 Firmware	Version 1.1.05.003

Running on/with	Platform Versions
Linksys Re7000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6500 Firmware	Version 1.0.013.001

Running on/with	Platform Versions
Linksys Re6500	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (5)

https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_9/9.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.310785

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.310785

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.584368

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.linksys.com/

Source: cna@vuldb.com

Product

Timeline

No history available yet.