Command Injection Vulnerability in Linksys E5600 by Linksys
CVE-2025-29230
8.6HIGH
Summary
The Linksys E5600 firmware version v1.1.0.26 has a command injection vulnerability that allows an attacker to exploit the 'email' parameter in the runtime.emailReg function. By manipulating this parameter, unauthorized commands could potentially be executed, leading to security breaches. Users of this product should take immediate action to secure their systems against potential attacks leveraging this vulnerability.
References
CVSS V3.1
Score:
8.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved