CVE-2025-8821

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 versions prior to 20250801 Linksys RE6300 versions prior to 20250801 Linksys RE6350 versions prior to 20250801 Linksys RE6500 versions prior to 20250801 Linksys RE7000 versions prior to 20250801 Linksys RE9000 versions prior to 20250801

Description: A vulnerability exists in Linksys RE-Series Range Extenders. The issue resides in the RP setBasic function within the /goform/RP setBasic file. Manipulation of the bssid argument can lead to operating system command injection. This attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations: Linksys RE6250 versions prior to 20250801: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 versions prior to 20250801: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 versions prior to 20250801: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 versions prior to 20250801: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 versions prior to 20250801: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 versions prior to 20250801: At the moment, there is no information about a newer version that contains a fix for this vulnerability.