PT-2025-3416 · Linksys · Linksys E7350

Yanggao017

Published

2025-01-10

Updated

2025-01-15

CVE-2024-57225

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linksys E7350 version 1.1.00.032

Description A command injection issue was discovered via the devname parameter in the reset wifi function. This allows for potential exploitation.

Recommendations For Linksys E7350 version 1.1.00.032, consider disabling the reset wifi function until a patch is available to prevent command injection via the devname parameter. Restrict access to the reset wifi function to minimize the risk of exploitation. Avoid using the devname parameter in the affected function until the issue is resolved.

Exploit

Fix

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2024-57225

Affected Products

Linksys E7350

PT-2025-3416 · Linksys · Linksys E7350

CVE-2024-57225

Weakness Enumeration

Related Identifiers

Affected Products

References · 6