CVE-2025-5442Command Injection in Linksys Re6250

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
5.7%
top 9.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Linksys Re6250Linksys Re6300Linksys Re6350+9 more
Timeline
PublishedJun 2

Description

A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosu

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages12 packages

CVEListV5linksys/re62505 versions+4
CVEListV5linksys/re63005 versions+4
CVEListV5linksys/re63505 versions+4
CVEListV5linksys/re65005 versions+4
CVEListV5linksys/re70005 versions+4

🔴Vulnerability Details

2
CVEList
Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_pingGatewayByBBS os command injection2025-06-02
GHSA
GHSA-rjm9-pqrp-74v6: A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 12025-06-02
CVE-2025-5442 — Command Injection in Linksys Re6250 | cvebase