Severity
5.1 MEDIUM
EPSS
0.6%
top 31.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 27

Description

A vulnerability was found in Linksys E1700 1.0.0.4.003. It affects the function systemCommand of the file /goform/systemCommand. Manipulation of the argument command can lead to OS command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages (2 packages)

CVEListV5: linksys/e1700 1.0.0.4.003
NVD: linksys/e1700_firmware 1.0.0.4.003

🔴Vulnerability Details

3
GHSA
GHSA-3m47-gr9p-qrv3: A vulnerability was determined in Linksys E1700 1 (2025-08-27)
CVEList
Linksys E1700 systemCommand os command injection (2025-08-27)
VulnCheck
linksys e1700_firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') (2025)

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Linksys systemCommand command Parameter Command Injection Attempt (CVE-2025-9528) (2025-08-27)
CVE-2025-9528 (MEDIUM CVSS 5.1) | A vulnerability was determined in L | cvebase.io