Severity
5.3 MEDIUM
EPSS
0.4%
top 36.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 11

Description

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injectio

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages: 12 packages

CVEListV5 linksys/re6250 20250801
CVEListV5 linksys/re6300 20250801
CVEListV5 linksys/re6350 20250801
CVEListV5 linksys/re6500 20250801
CVEListV5 linksys/re7000 20250801

Vulnerability Details

2
GHSA
GHSA-39fh-qxfv-76gc: A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801 (2025-08-11)
CVEList
Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 ipv6cmd os command injection (2025-08-11)
CVE-2025-8828 (MEDIUM CVSS 5.3) | A vulnerability was determined in L | cvebase.io