Linksys E5600 Firmware vulnerabilities

CVE-2025-29228 [CRITICAL] CWE-77 CVE-2025-29228: Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.

CVE-2025-29229 [CRITICAL] CWE-77 CVE-2025-29229: linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus. linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus.

CVE-2025-29231 [MEDIUM] CWE-79 CVE-2025-29231: A stored cross-site scripting (XSS) vulnerability in the page_save component of Linksys E5600 V1.1.0 A stored cross-site scripting (XSS) vulnerability in the page_save component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters.

CVE-2025-9146 [HIGH] CWE-310 CVE-2025-9146: A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_ A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is described as diff

CVE-2025-45488 [CRITICAL] CWE-77 CVE-2025-45488: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.d Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter.

CVE-2025-45490 [CRITICAL] CWE-77 CVE-2025-45490: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.d Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter.

CVE-2025-45487 [CRITICAL] CWE-77 CVE-2025-45487: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.I Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function.

CVE-2025-45491 [CRITICAL] CWE-77 CVE-2025-45491: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.d Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter.

CVE-2025-45489 [CRITICAL] CWE-77 CVE-2025-45489: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.d Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter.

CVE-2025-29230 [HIGH] CWE-77 CVE-2025-29230: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.e Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the `pt["email"]` parameter.

CVE-2025-29223 [MEDIUM] CWE-77 CVE-2025-29223: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt param Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function.

CVE-2025-29226 [MEDIUM] CWE-77 CVE-2025-29226: In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnera In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter.

CVE-2025-29227 [MEDIUM] CWE-77 CVE-2025-29227: In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnera In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter.

CVE-2025-22997 [MEDIUM] CWE-79 CVE-2025-22997: A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E560 A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.

CVE-2025-22996 [MEDIUM] CWE-79 CVE-2025-22996: A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E560 A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter.

CVE-2024-33788 [HIGH] CWE-77 CVE-2024-33788: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint.

CVE-2024-33789 [CRITICAL] CWE-77 CVE-2024-33789: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl pa Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint.