Linksys RE6500
cpe:2.3:o:linksys:re6500_firmware:*:*:*:*:*:*:*
- 1.0.013.001
- 1.0.04.001
- 1.2.07.001
- 1.1.05.003
- 1.0.04.002
A command injection vulnerability has been identified in Linksys router models RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, all running firmware released prior to August 1, 2025. The vulnerability resides in the 'ipv6cmd' function of the '/goform/setIpv6' file, where several arguments can be manipulated to execute arbitrary operating system commands. This issue can be exploited remotely, and the details have been publicly disclosed.
Exploitation of this vulnerability allows for arbitrary command execution on the affected device's operating system.
To reproduce this vulnerability, send a POST request to '/goform/setIpv6' with crafted data that includes the desired command in the 'Ipv6PriDns' field. The router will execute the command, such as launching a reverse shell via Telnet.
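A defensive check for the request described above, added here as an example (it is not code from Linksys or from the original advisory): it inspects a form-encoded POST body sent to '/goform/setIpv6' and flags any 'Ipv6PriDns' value that is not a plain IPv6 address. The function name, the field set and the sample requests are assumptions constructed for illustration; the page names only 'Ipv6PriDns'.

```python
import ipaddress
from urllib.parse import parse_qs

ENDPOINT = "/goform/setIpv6"
# Only Ipv6PriDns is named on the page; the advisory says "several arguments"
# without listing them, so extend this set once the other fields are known.
ADDRESS_FIELDS = {"Ipv6PriDns"}
# Characters a literal IPv6 address can contain (hex digits, ':' and '.' for
# embedded IPv4). '%' is excluded on purpose: ipaddress accepts a zone id
# after '%' and does not restrict the characters that follow it.
ALLOWED = set("0123456789abcdefABCDEF:.")


def check_request(method, path, body):
    """Return (field, value) pairs that are not plain IPv6 addresses."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    findings = []
    fields = parse_qs(body, keep_blank_values=True)  # percent-decodes values
    for name in sorted(ADDRESS_FIELDS):
        for value in fields.get(name, []):
            if value == "":
                continue  # empty field: nothing reaches the shell
            if not set(value) <= ALLOWED:
                findings.append((name, value))
                continue
            try:
                ipaddress.IPv6Address(value)
            except ValueError:
                findings.append((name, value))
    return findings


# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("POST", "/goform/setIpv6", "Ipv6PriDns=2001%3Adb8%3A%3A1"),
    ("POST", "/goform/setIpv6", "Ipv6PriDns=2001%3Adb8%3A%3A1%3Bid"),
    ("POST", "/goform/setIpv6", "Ipv6PriDns=fe80%3A%3A1%25%24%28id%29"),
    ("GET", "/index.html", ""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, check_request(method, path, body))
```

The same allow-list logic can run in a reverse proxy or log pipeline in front of the device's management interface; anything it flags is a request whose DNS field carried more than an address.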