CVE-2025-9528

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Linksys E1700 version 1.0.0.4.003

Description: A vulnerability exists in the systemCommand function of the /goform/systemCommand file. Manipulation of the command argument can lead to OS command injection. The attack may be launched remotely. The exploit has been publicly disclosed. The vendor was contacted regarding this disclosure but did not respond.

Recommendations: As a temporary workaround, consider restricting access to the /goform/systemCommand file to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

BDU:2025-10904

CVE-2025-9528

Affected Products

Linksys E1700

CVE-2025-9528

Weakness Enumeration

Related Identifiers

Affected Products

References · 12