CRITICAL🇵🇱 Wersja polska

CVE-2025-45487

CVSS 9.8v3.1pub. 2025-05-06upd. 2025-05-13

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function.

🤖 AI Analysis
How it works

The vulnerability results from improper validation or lack of sanitization of input data passed to the runtime.InternetConnection function in the router firmware. An attacker can provide crafted input containing malicious system commands that will be executed in the context of the device operating system. Due to the network vector (AV:N) and lack of authentication requirements (PR:N) and user interaction (UI:N), the attack can be conducted remotely without any privileges.

Impact

Successful exploitation of this vulnerability may allow an attacker to gain complete control over the device, including reading and modifying configuration data, installing malicious software, and using the router as an entry point to the local network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until the update is applied, it is recommended to restrict access to the device management interface only to trusted IP addresses and disable remote management from the WAN network side.

Who is affected

Linksys E5600 with firmware version v1.1.0.26

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linksys E5600

    HW
    Linksys
    wszystkie wersje
  • Linksys E5600 Firmware

    OS
    Linksys
    1.1.0.26
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-29228CRITICAL9.8PL ✓ten sam produkt

Command injection w Linksys E5600 — parametr mc.ip funkcji macClone

CVE-2025-29229CRITICAL9.8PL ✓ten sam produkt

Command injection w Linksys E5600 — funkcja ddnsStatus

CVE-2025-45489CRITICAL9.8PL ✓ten sam produkt

Command injection w Linksys E5600 via parametr hostname (DynDNS)

CVE-2025-45488CRITICAL9.8PL ✓ten sam produkt

Command injection w Linksys E5600 via parametr mailex funkcji DynDNS

CVE-2025-45490CRITICAL9.8PL ✓ten sam produkt

Command injection w Linksys E5600 via parametr password funkcji DynDNS