PT-2025-34863 · Linksys · Linksys E1700
Bond_Yes
·
Published
2025-08-27
·
Updated
2025-08-27
·
CVE-2025-9528
Bond_Yes
·
Published
2025-08-27
·
Updated
2025-08-27
·
CVE-2025-9528
5.8
Medium
| Base vector | Vector | AV:N/AC:L/Au:M/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Linksys E1700 version 1.0.0.4.003
Description:
A vulnerability exists in the `systemCommand` function of the `/goform/systemCommand` file. Manipulation of the `command` argument can lead to OS command injection. The attack may be launched remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.
Recommendations:
As a temporary workaround, consider restricting access to the `/goform/systemCommand` file to minimize the risk of exploitation.
Exploit
Fix
Command Injection
OS Command Injection