Linksys E1700 systemCommand os command injection_CVE-2025-9528

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-9528

Source VulDB

Published Aug 27, 2025 at 13:02

Modified Aug 27, 2025 at 13:26

Affected Product

Vendor Linksys

Product E1700

Version 1.0.0.4.003

Affected Versions Linksys E1700 1.0.0.4.003

CWE Classification

CWE-78 CWE-77

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command can lead to os command injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-27T13:02:08.736Z",
    "modified": "2025-08-27T13:26:50.938Z",
    "type": "cve",
    "title": "Linksys E1700 systemCommand os command injection",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321545\nhttps://vuldb.com/?ctiid.321545\nhttps://vuldb.com/?submit.634827\nhttps://github.com/wudipjq/my_vuln/blob/main/Linksys2/vuln_61/61.md\nhttps://github.com/wudipjq/my_vuln/blob/main/Linksys2/vuln_61/61.md#poc\nhttps://www.linksys.com/",
    "id": "CVE-2025-9528",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78",
        "CWE-77"
    ],
    "cvelist": null,
    "sourceData": "Linksys E1700 1.0.0.4.003",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "E1700",
    "version": "1.0.0.4.003",
    "vendor": "Linksys",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}