The vulnerability of the sub_4153FC function in the /cgi-bin/sysconf.cgi script of the Linksys FGW3000-AH and FGW3000-HK Wi-Fi router microprogramming system allows a hacker to execute arbitrary commands.

🗓️ 30 May 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 3 Views

Vulnerability in Linksys FGW3000-AH/HK allows code execution via sub_4153FC in sysconf.cgi by crafted POSTs.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-4999	20 May 202521:16	–	circl
CNNVD	Linksys FGW3000-AH 注入漏洞	20 May 202500:00	–	cnnvd
CVE	CVE-2025-4999	20 May 202521:00	–	cve
Cvelist	CVE-2025-4999 Linksys FGW3000-AH/FGW3000-HK HTTP POST Request sysconf.cgi sub_4153FC command injection	20 May 202521:00	–	cvelist
EUVD	EUVD-2025-15959	3 Oct 202520:07	–	euvd
NVD	CVE-2025-4999	20 May 202521:15	–	nvd
OSV	CVE-2025-4999	20 May 202521:15	–	osv
Positive Technologies	PT-2025-22309 · Linksys · Linksys Fgw3000-Hk +1	26 Apr 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-4999	22 May 202521:21	–	redhatcve
Vulnrichment	CVE-2025-4999 Linksys FGW3000-AH/FGW3000-HK HTTP POST Request sysconf.cgi sub_4153FC command injection	20 May 202521:00	–	vulnrichment

Vulners

Node

linksys_holdings,fgw3000-hkRange≤1.0.17.000000

OR

linksys_holdings,fgw3000-ahRange≤1.0.17.000000

Source	Link
github	www.github.com/CH13hh/tmp_store_cc/blob/main/FGW3000/1.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
linksys	www.linksys.com/
web	www.web.nvd.nist.gov/view/vuln/detail

30 May 2025 00:00Current

7High risk

Vulners AI Score7

CVSS 36.3

CVSS 26.5

EPSS0.11321

Linksys firmware vulnerability sysconf.cgi post requests remote code execution supplicant parameter arbitrary commands