Command Injection Vulnerability in Linksys E5600 by Linksys
CVE-2025-29230

8.6HIGH

Key Information:

Vendor: Linksys
Status: Linksys E5600
Vendor: CVE Published:; 21 March 2025

What is CVE-2025-29230?

The Linksys E5600 firmware version v1.1.0.26 has a command injection vulnerability that allows an attacker to exploit the 'email' parameter in the runtime.emailReg function. By manipulating this parameter, unauthorized commands could potentially be executed, leading to security breaches. Users of this product should take immediate action to secure their systems against potential attacks leveraging this vulnerability.

References

https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2025
Vulnerability Reserved
Mar 11, 2025