CVE-2025-34037
Wstrzyknięcie poleceń w routerach E-Series Linksys umożliwia zdalne wykonanie kodu przez nieautoryzowanych atakujących.
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability was reported to be exploited in the wild by the "TheMoon" worm in 2014 to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. Additionally, this vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 0.0 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 81.6% |
| Opublikowano (NVD) | 2025-06-24 01:15:25 UTC |
| Ostatnia modyfikacja (NVD) | 2026-03-20 19:16:12 UTC |
- https://isc.sans.edu/diary/17633 (disclosure@vulncheck.com)
- https://vulncheck.com/advisories/linksys-routers-command-injection (disclosure@vulncheck.com)
- https://www.exploit-db.com/exploits/31683 (disclosure@vulncheck.com)