CVE-2025-34037 Linksys Routers E/WAG/WAP/WES/WET/WRT-Series

🗓️ 24 Jun 2025 01:03:27Reported by VulnCheckType

OS command injection in Linksys E-Series Routers allows unauthenticated attackers to execute commands.

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2025-34037	24 Jun 202501:15	–	attackerkb
GithubExploit	Exploit for CVE-2025-34037	26 Mar 202621:55	–	githubexploit
Circl	CVE-2025-34037	29 May 201815:50	–	circl
CNNVD	Linksys E-Series 安全漏洞	24 Jun 202500:00	–	cnnvd
CVE	CVE-2025-34037	24 Jun 202501:03	–	cve
EUVD	EUVD-2025-18964	3 Oct 202520:07	–	euvd
NVD	CVE-2025-34037	24 Jun 202501:15	–	nvd
Positive Technologies	PT-2025-26664	23 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-34037	26 Jun 202503:12	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2025-34037	23 Jun 202500:00	–	vulncheck_kev

[
  {
    "vendor": "Linksys",
    "product": "E4200",
    "modules": [
      "Web Management Interface (tmUnblock.cgi and hndUnblock.cgi CGI scripts)"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.0.06",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Linksys",
    "product": "E3200",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.0.05",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Linksys",
    "product": "E3000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.0.06",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Linksys",
    "product": "E2500 v1/v2",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2.0.00",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Linksys",
    "product": "E2100L v1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "1.0.05",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Linksys",
    "product": "E2000",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Linksys",
    "product": "E1550",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "1.0.03",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Linksys",
    "product": "E1500 v1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.0.06",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Linksys",
    "product": "E1200 v1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "1.0.04",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Linksys",
    "product": "E1000 v1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "2.1.03",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Linksys",
    "product": "E900 v1",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.0.04",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
vulncheck	www.vulncheck.com/advisories/linksys-routers-command-injection
exploit-db	www.exploit-db.com/exploits/31683
isc	www.isc.sans.edu/diary/17633

14 May 2026 02:07Current

CVSS 410

EPSS0.89265

CWE-78

cve-2025-34037 linksys routers command injection unauthenticated access shell command execution