CVE-2025-8821

Published: Aug 11, 2025Modified: Apr 29, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (6)

Products: Linksys: Re6250 Firmware, Re6300 Firmware, Re6350 Firmware, Re7000 Firmware, Re9000 Firmware, Re6500 Firmware

6 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6250 Firmware	Version 1.0.04.001

Running on/with	Platform Versions
Linksys Re6250	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6300 Firmware	Version 1.2.07.001

Running on/with	Platform Versions
Linksys Re6300	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6350 Firmware	Version 1.0.04.001

Running on/with	Platform Versions
Linksys Re6350	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re7000 Firmware	Version 1.1.05.003

Running on/with	Platform Versions
Linksys Re7000	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re9000 Firmware	Version 1.0.04.002

Running on/with	Platform Versions
Linksys Re9000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6500 Firmware	Version 1.0.013.001

Running on/with	Platform Versions
Linksys Re6500	All versions

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (8)

https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md#poc

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.319355

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.319355

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.626685

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.linksys.com/

Source: cna@vuldb.com

Product

https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md#poc

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.