CVE-2025-8829

CVE-2025-8829 affects Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. The vulnerability is in the um_red function of the file /goform/RP_setBasicAuto; manipulation of the hname parameter leads to OS command injection. The attack can be launched remotely, and public discl...

CVE-2025-8829 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_red os command injection

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function umred of the file /goform/RPsetBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched...

CVE-2025-8829 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_red os command injection

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function umred of the file /goform/RPsetBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched...

CVE-2025-8828

The CVE-2025-8828 entry affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 device families. The root cause is manipulation of arguments to the ipv6cmd function in /goform/setIpv6, which leads to OS command injection. A remote attacker can trigger the vulnerability without user interaction,...

CVE-2025-8828 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 ipv6cmd os command injection

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument...

CVE-2025-8825

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RPsetBasicAuto of the file /goform/RPsetBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiat...

CVE-2025-8825

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RPsetBasicAuto of the file /goform/RPsetBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiat...

CVE-2025-8827

CVE-2025-8827 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000. Root cause: a flaw in the function um_inspect_cross_band in the file /goform/RP_setBasicAuto where manipulating the staticGateway argument leads to OS command injection. The vulnerability can be exploited remotely; the explo...

CVE-2025-8823

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be...

CVE-2025-8823

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be...

CVE-2025-8825

The CVE-2025-8825 vulnerability affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 (firmware up to 20250801). Root cause: manipulation of staticIp/staticNetmask in the RP_setBasicAuto function (/goform/RP_setBasicAuto) enables OS command injection. Exploitation can be performed remotely, a...

CVE-2025-8821

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RPsetBasic of the file /goform/RPsetBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The...

CVE-2025-8823

CVE-2025-8823 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 up to 20250801. The issue is in the function setDeviceName of /goform/setDeviceName, where manipulating the DeviceName argument leads to OS command injection. The vulnerability can be exploited remotely, and public proof-of-e...

CVE-2025-8823 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDeviceName os command injection

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be...

CVE-2025-8821

CVE-2025-8821 affects Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 series. Root cause: manipulation of the bssid argument in RP_setBasic (/goform/RP_setBasic) enables OS command injection. Vulnerable versions are listed up to 20250801. Exploitation may be initiated remotely; the exploit has ...

CVE-2025-8821 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasic os command injection

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RPsetBasic of the file /goform/RPsetBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The...

CVE-2025-8818

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched...

CVE-2025-8818 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setLan setDFSSetting os command injection

A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched...

CVE-2025-8752

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...

CVE-2025-8752 wangzhixuan spring-shiro-training add command injection

A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The...