Primary

Context

Linksys RE6500 Series Command Injection Vulnerability in RP_checkCredentialsByBBS Function

Vulnerability

A critical command injection vulnerability has been identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 routers, all running specific firmware versions. The issue arises in the RP_checkCredentialsByBBS function, where the 'pwd' argument can be manipulated to inject operating system commands. This vulnerability can be exploited remotely, and details of the exploit have been made public.

Impact

Exploitation of this vulnerability allows for arbitrary operating system command execution on the affected device.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.5

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

7.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.5

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linksys RE6500 Series Command Injection Vulnerability in RP_checkCredentialsByBBS Function

Vulnerability

Impact

Affected Products

Linksys RE6500

Linksys RE6300

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating