CVE-2025-45490

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linksys E5600 version 1.1.0.26

Description A command injection issue was found in the runtime.ddnsStatus DynDNS function, specifically via the password parameter. This allows for potential exploitation.

Recommendations For Linksys E5600 version 1.1.0.26, avoid using the password parameter in the runtime.ddnsStatus DynDNS function until a fix is available. As a temporary workaround, consider restricting access to the DynDNS function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

BDU:2025-11327

CVE-2025-45490

Affected Products

Linksys E5600

CVE-2025-45490

Weakness Enumeration

Related Identifiers

Affected Products

References · 8