2 matches found
CVE-2025-34037 Linksys Routers E/WAG/WAP/WES/WET/WRT-Series
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcpip parameter without sanitization, allowing...
CVE-2025-34037
CVE-2025-34037 is an OS command injection in Linksys E-Series routers, exploitable via unauthenticated HTTP POSTs to /tmUnblock.cgi or /hndUnblock.cgi on port 8080. The issue stems from improper sanitization of the ttcp_ip parameter, enabling shell command injection and arbitrary code execution. ...