CVE-2025-29226

CWE-77 — Command Injection3 documents3 sources

Severity

6.3MEDIUM

EPSS

0.6%

top 30.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linksys E5600 Firmware

Timeline

PublishedMar 21

Description

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages1 packages

▶NVDlinksys/e5600_firmware1.1.0.26

🔴Vulnerability Details

CVEList

CVE-2025-29226: In Linksys E5600 V1↗2025-03-21

▶

GHSA

GHSA-9xhf-3wg6-87r4: In Linksys E5600 V1↗2025-03-21

▶