CVE-2025-8829

Exploit

EPSS 0.51%
Published 11.08.2025 04:15:46
Last modified 04.09.2025 18:36:17
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected products Warnungen 0 Metrics 5 CWE 2 References 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Linksys ≫ Re6250 Firmware Version1.0.04.001

Linksys ≫ Re6250 Version-

Linksys ≫ Re6300 Firmware Version1.2.07.001

Linksys ≫ Re6300 Version-

Linksys ≫ Re6350 Firmware Version1.0.04.001

Linksys ≫ Re6350 Version-

Linksys ≫ Re7000 Firmware Version1.1.05.003

Linksys ≫ Re7000 Version-

Linksys ≫ Re9000 Firmware Version1.0.04.002

Linksys ≫ Re9000 Version-

Linksys ≫ Re6500 Firmware Version1.0.013.001

Linksys ≫ Re6500 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.51%	0.653

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://www.linksys.com/

Product

https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md

Third Party Advisory

Exploit

https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md#poc

Third Party Advisory

Exploit

https://vuldb.com/?ctiid.319363

VDB Entry

Permissions Required

https://vuldb.com/?id.319363