CVE-2025-5443

Name of the Vulnerable Software and Affected Versions Linksys RE6500 versions 1.0.013.001 through 1.2.07.001 Linksys RE6250 versions 1.0.013.001 through 1.2.07.001 Linksys RE6300 versions 1.0.013.001 through 1.2.07.001 Linksys RE6350 versions 1.0.013.001 through 1.2.07.001 Linksys RE7000 versions 1.0.013.001 through 1.2.07.001 Linksys RE9000 versions 1.0.013.001 through 1.2.07.001

Description A critical vulnerability was found in the Linksys devices. The issue affects the wirelessAdvancedHidden function of the file /goform/wirelessAdvancedHidden. The manipulation of the arguments ExtChSelector, 24GSelector, or 5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Linksys RE6500 version 1.0.013.001, consider disabling the wirelessAdvancedHidden function until a patch is available. For Linksys RE6250 version 1.0.013.001, restrict access to the /goform/wirelessAdvancedHidden file to minimize the risk of exploitation. For Linksys RE6300 version 1.0.013.001, avoid using the arguments ExtChSelector, 24GSelector, or 5GSelector in the affected function until the issue is resolved. For Linksys RE6350 version 1.0.013.001, apply configuration changes to limit the exposure of the vulnerable function. For Linksys RE7000 version 1.0.013.001, consider disabling the wirelessAdvancedHidden function until a patch is available. For Linksys RE9000 version 1.0.013.001, restrict access to the /goform/wirelessAdvancedHidden file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.