CVE-2025-29227 — Command Injection in Linksys E5600 Firmware

CWE-77 — Command Injection3 documents3 sources

Severity

6.3MEDIUMNVD

EPSS

0.6%

top 30.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linksys E5600 Firmware

Timeline

PublishedMar 21

Description

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages1 packages

▶NVDlinksys/e5600_firmware1.1.0.26

🔴Vulnerability Details

CVEList

CVE-2025-29227: In Linksys E5600 V1↗2025-03-21

▶

GHSA

GHSA-h7hj-32w5-2fcq: In Linksys E5600 V1↗2025-03-21

▶