PT-2025-23485 · Linksys · Linksys Re6250+5

Pjqwudi · Published 2025-06-02 · Updated 2025-07-02 · CVE-2025-5438

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linksys RE6500 version 1.0.013.001
Linksys RE6250 version 1.0.013.001
Linksys RE6300 version 1.0.013.001
Linksys RE6350 version 1.0.013.001
Linksys RE7000 version 1.0.013.001
Linksys RE9000 version 1.0.013.001
Linksys RE6500 version 1.0.04.001
Linksys RE6500 version 1.0.04.002
Linksys RE6500 version 1.1.05.003
Linksys RE6500 version 1.2.07.001

Description

A critical vulnerability was found in the WPS function of the file /goform/WPS, allowing command injection via manipulation of the PIN argument. This issue can be exploited remotely.

Recommendations

For each of the following versions, consider disabling the WPS function until a patch is available:

Linksys RE6500 version 1.0.013.001
Linksys RE6250 version 1.0.013.001
Linksys RE6300 version 1.0.013.001
Linksys RE6350 version 1.0.013.001
Linksys RE7000 version 1.0.013.001
Linksys RE9000 version 1.0.013.001
Linksys RE6500 version 1.0.04.001
Linksys RE6500 version 1.0.04.002
Linksys RE6500 version 1.1.05.003
Linksys RE6500 version 1.2.07.001

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
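
A server-side check of the kind that closes this class of bug for a PIN argument, as an added example (not Linksys firmware code and not part of the advisory). It assumes the standard eight-digit WPS PIN with a checksum digit; the helper path and the `--pin` flag are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper path (assumption); the firmware's real command is not on the page. */
#define WPS_HELPER "/usr/sbin/wps_helper"

/* Checksum digit for the first seven digits of a WPS PIN (standard WPS algorithm). */
static unsigned int wps_pin_checksum(unsigned int pin7)
{
    unsigned int accum = 0;
    while (pin7) {
        accum += 3 * (pin7 % 10); pin7 /= 10;
        accum += pin7 % 10;       pin7 /= 10;
    }
    return (10 - accum % 10) % 10;
}

/* Allow-list check: 1 only for exactly eight ASCII digits with a valid checksum, else 0. */
int wps_pin_is_safe(const char *pin)
{
    unsigned int value = 0;
    if (pin == NULL || strlen(pin) != 8)
        return 0;
    for (size_t i = 0; i < 8; i++) {
        if (pin[i] < '0' || pin[i] > '9')   /* rejects ';', '|', '$', quotes, spaces, newlines */
            return 0;
        value = value * 10 + (unsigned int)(pin[i] - '0');
    }
    return wps_pin_checksum(value / 10) == value % 10;
}

/* Fill argv for execv(): the PIN travels as one discrete argument, never through a shell. */
int wps_build_argv(const char *pin, const char *argv[4])
{
    if (!wps_pin_is_safe(pin))
        return -1;
    argv[0] = WPS_HELPER; argv[1] = "--pin";   /* "--pin" is a hypothetical flag */
    argv[2] = pin;        argv[3] = NULL;
    return 0;
}

int main(void)
{
    const char *argv[4], *samples[] = { "12345670", "12345671", "1234567;" }; /* constructed inputs */
    for (int i = 0; i < 3; i++)
        printf("%-10s -> %s\n", samples[i], wps_build_argv(samples[i], argv) ? "rejected" : "accepted");
    return 0;
}
```

Validating against the PIN's fixed format and passing it as an `execv()` argument are independent layers; either one alone keeps special elements in the value from being interpreted as commands.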

Exploit

Special Elements Injection

Command Injection

Weakness Enumeration

Related Identifiers

CVE-2025-5438

Affected Products

Linksys Re6250
Linksys Re6300
Linksys Re6350
Linksys Ea6500
Linksys Re7000
Linksys Re9000