{"id":6251,"date":"2025-06-02T19:32:33","date_gmt":"2025-06-02T19:32:33","guid":{"rendered":"http:\/\/localhost\/?p=6251"},"modified":"2025-06-02T19:32:33","modified_gmt":"2025-06-02T19:32:33","slug":"linksys-re6500re6250re6300re6350re7000re9000-wirelessadvancedhidden-os-command-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=6251","title":{"rendered":"Linksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection"},"content":{"rendered":"

CVE Details<\/h2>\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nLinksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-02T11:31:04.438Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nLinksys<\/td>\n<\/tr>\n
Product<\/th>\nRE6500<\/td>\n<\/tr>\n
Version<\/th>\n1.0.013.001<\/td>\n<\/tr>\n<\/table>\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:L\/VI:L\/VA:L\/SC:N\/SI:N\/SA:N<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA critical vulnerability in Linksys RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 allows remote attackers to execute arbitrary OS commands via the ExtChSelector\/24GSelector\/5GSelector parameters in the wirelessAdvancedHidden function. The exploit is publicly available, and the vendor has not responded to the disclosure.<\/td>\n<\/tr>\n
AI Severity<\/th>\nCritical<\/td>\n<\/tr>\n
Vendor<\/th>\nLinksys<\/td>\n<\/tr>\n
Product<\/th>\nRE6500, RE6250, RE6300, RE6350, RE7000, RE9000<\/td>\n<\/tr>\n
Affected Version<\/th>\n1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, 1.2.07.001<\/td>\n<\/tr>\n<\/table>\n

Additional Information<\/h3>\n\n\n\n\n\n
CVE List<\/th>\n<\/td>\n<\/tr>\n
CWE List<\/th>\nCWE-78, CWE-77<\/td>\n<\/tr>\n
Bulletin Family<\/th>\n<\/td>\n<\/tr>\n
Source Data<\/th>\nLinksys RE6500 1.0.013.001
\nLinksys RE6500 1.0.04.001
\nLinksys RE6500 1.0.04.002
\nLinksys RE6500 1.1.05.003
\nLinksys RE6500 1.2.07.001
\nLinksys RE6250 1.0.013.001
\nLinksys RE6250 1.0.04.001
\nLinksys RE6250 1.0.04.002
\nLinksys RE6250 1.1.05.003
\nLinksys RE6250 1.2.07.001
\nLinksys RE6300 1.0.013.001
\nLinksys RE6300 1.0.04.001
\nLinksys RE6300 1.0.04.002
\nLinksys RE6300 1.1.05.003
\nLinksys RE6300 1.2.07.001
\nLinksys RE6350 1.0.013.001
\nLinksys RE6350 1.0.04.001
\nLinksys RE6350 1.0.04.002
\nLinksys RE6350 1.1.05.003
\nLinksys RE6350 1.2.07.001
\nLinksys RE7000 1.0.013.001
\nLinksys RE7000 1.0.04.001
\nLinksys RE7000 1.0.04.002
\nLinksys RE7000 1.1.05.003
\nLinksys RE7000 1.2.07.001
\nLinksys RE9000 1.0.013.001
\nLinksys RE9000 1.0.04.001
\nLinksys RE9000 1.0.04.002
\nLinksys RE9000 1.1.05.003
\nLinksys RE9000 1.2.07.001<\/td>\n<\/tr>\n<\/table>\n

Source Information<\/h3>\n\n\n\n
Source Data<\/th>\nLinksys RE6500 1.0.013.001
\nLinksys RE6500 1.0.04.001
\nLinksys RE6500 1.0.04.002
\nLinksys RE6500 1.1.05.003
\nLinksys RE6500 1.2.07.001
\nLinksys RE6250 1.0.013.001
\nLinksys RE6250 1.0.04.001
\nLinksys RE6250 1.0.04.002
\nLinksys RE6250 1.1.05.003
\nLinksys RE6250 1.2.07.001
\nLinksys RE6300 1.0.013.001
\nLinksys RE6300 1.0.04.001
\nLinksys RE6300 1.0.04.002
\nLinksys RE6300 1.1.05.003
\nLinksys RE6300 1.2.07.001
\nLinksys RE6350 1.0.013.001
\nLinksys RE6350 1.0.04.001
\nLinksys RE6350 1.0.04.002
\nLinksys RE6350 1.1.05.003
\nLinksys RE6350 1.2.07.001
\nLinksys RE7000 1.0.013.001
\nLinksys RE7000 1.0.04.001
\nLinksys RE7000 1.0.04.002
\nLinksys RE7000 1.1.05.003
\nLinksys RE7000 1.2.07.001
\nLinksys RE9000 1.0.013.001
\nLinksys RE9000 1.0.04.001
\nLinksys RE9000 1.0.04.002
\nLinksys RE9000 1.1.05.003
\nLinksys RE9000 1.2.07.001<\/td>\n<\/tr>\n
Source Link<\/th>\n<\/a><\/td>\n<\/tr>\n<\/table>\n

Description<\/h3>\n
A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001\/1.0.04.001\/1.0.04.002\/1.1.05.003\/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file \/goform\/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector\/24GSelector\/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.<\/div>\n

CVSS Score Summary<\/h3>\n
\n

Base Score:<\/strong> 5.3 (MEDIUM)<\/span><\/p>\n<\/div>\n

View Full CVE Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

CVE Details Basic Information Title Linksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection Type cve Published 2025-06-02T11:31:04.438Z Last Seen Product Information Vendor Linksys Product RE6500 Version 1.0.013.001…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,22,12,21,13,7,11,5],"class_list":["post-6251","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-53","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nLinksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=6251\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Linksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection - zero redgem\" \/>\n<meta property=\"og:description\" content=\"CVE Details Basic Information Title Linksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection Type cve Published 2025-06-02T11:31:04.438Z Last Seen Product Information Vendor Linksys Product RE6500 Version 1.0.013.001...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=6251\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-06-02T19:32:33+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6251#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6251\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Linksys RE6500\\\/RE6250\\\/RE6300\\\/RE6350\\\/RE7000\\\/RE9000 wirelessAdvancedHidden os command injection\",\"datePublished\":\"2025-06-02T19:32:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6251\"},\"wordCount\":366,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-5.3\",\"exploit\",\"MEDIUM\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_cve\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6251#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6251\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6251\",\"name\":\"Linksys RE6500\\\/RE6250\\\/RE6300\\\/RE6350\\\/RE7000\\\/RE9000 wirelessAdvancedHidden os command injection - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-06-02T19:32:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6251#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=6251\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=6251#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Linksys RE6500\\\/RE6250\\\/RE6300\\\/RE6350\\\/RE7000\\\/RE9000 wirelessAdvancedHidden os command injection\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Linksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=6251","og_locale":"en_US","og_type":"article","og_title":"Linksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection - zero redgem","og_description":"CVE Details Basic Information Title Linksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection Type cve Published 2025-06-02T11:31:04.438Z Last Seen Product Information Vendor Linksys Product RE6500 Version 1.0.013.001...","og_url":"https:\/\/zero.redgem.net\/?p=6251","og_site_name":"zero redgem","article_published_time":"2025-06-02T19:32:33+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=6251#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=6251"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Linksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection","datePublished":"2025-06-02T19:32:33+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=6251"},"wordCount":366,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-5.3","exploit","MEDIUM","news","Security","tapic","Vulnerability"],"articleSection":["category_cve"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=6251#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=6251","url":"https:\/\/zero.redgem.net\/?p=6251","name":"Linksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-06-02T19:32:33+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=6251#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=6251"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=6251#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Linksys RE6500\/RE6250\/RE6300\/RE6350\/RE7000\/RE9000 wirelessAdvancedHidden os command injection"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6251","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6251"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/6251\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6251"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6251"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6251"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}