Linksys E1700 Firmware vulnerabilities

CVE-2025-9526 [HIGH] CWE-119 CVE-2025-9526: A vulnerability has been found in Linksys E1700 1.0.0.4.003. Affected by this issue is the function A vulnerability has been found in Linksys E1700 1.0.0.4.003. Affected by this issue is the function setSysAdm of the file /goform/setSysAdm. Such manipulation of the argument rm_port leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about

CVE-2025-9525 [HIGH] CWE-119 CVE-2025-9525: A flaw has been found in Linksys E1700 1.0.0.4.003. Affected by this vulnerability is the function s A flaw has been found in Linksys E1700 1.0.0.4.003. Affected by this vulnerability is the function setWan of the file /goform/setWan. This manipulation of the argument DeviceName/lanIp causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclo

CVE-2025-9527 [HIGH] CWE-119 CVE-2025-9527: A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the fi A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ack_policy results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure

CVE-2025-9528 [MEDIUM] CWE-77 CVE-2025-9528: A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted

CVE-2024-22544 [HIGH] CWE-77 CVE-2024-22544: An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attac An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3), allows authenticated attackers to execute arbitrary code via the setDateTime function.

CVE-2024-22543 [MEDIUM] CWE-613 CVE-2024-22543: An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to An issue was discovered in Linksys Router E1700 1.0.04 (build 3), allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function.