Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-5446

Опубликовано: 02 июн. 2025
Источник: nvd
CVSS3: 6.3
CVSS3: 9.8
CVSS2: 6.5
EPSS Низкий

Описание

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*
cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*
cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*
cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*
cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*
cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*
cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*

EPSS

Процентиль: 71%
0.00692
Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-77
CWE-78

Связанные уязвимости

github логотип

GHSA-wh8m-7455-r7m4

CVSS3: 6.3
github
8 месяцев назад

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

fstec логотип

BDU:2025-06491

CVSS3: 6.3
fstec
9 месяцев назад

Уязвимость функции RP_checkCredentialsByBBS() микропрограммного обеспечения усилителей беспроводного сигнала Linksys, позволяющая нарушителю выполнить произвольные команды

EPSS

Процентиль: 71%
0.00692
Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-77
CWE-78