CRITICAL🇵🇱 Wersja polska

CVE-2025-29229

CVSS 9.8v3.1pub. 2025-12-23upd. 2026-01-06

linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation or sanitization of input data passed to the ddnsStatus function in the router's firmware. An attacker can craft a malicious network request containing embedded system commands that will be executed by the device in the context of its operating system. Due to the network vector (AV:N) and lack of authentication (PR:N) and user interaction (UI:N) requirements, the attack can be performed remotely without any additional privileges.

Impact

An attacker can gain full control over the device — including access to sensitive configuration data, ability to modify network settings, and permanent compromise of the router (high confidentiality, integrity, and availability).

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. Until an update is released, it is recommended to restrict access to the device management interface only to trusted IP addresses and disable remote management over the WAN network.

Who is affected

Linksys E5600 with firmware version V1.1.0.26

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Linksys E5600

    HW
    Linksys
    wszystkie wersje
  • Linksys E5600 Firmware

    OS
    Linksys
    1.1.0.26
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-29228CRITICAL9.8PL ✓ten sam produkt

Command injection w Linksys E5600 — parametr mc.ip funkcji macClone

CVE-2025-45489CRITICAL9.8PL ✓ten sam produkt

Command injection w Linksys E5600 via parametr hostname (DynDNS)

CVE-2025-45487CRITICAL9.8PL ✓ten sam produkt

Command injection w Linksys E5600 — funkcja runtime.InternetConnection

CVE-2025-45488CRITICAL9.8PL ✓ten sam produkt

Command injection w Linksys E5600 via parametr mailex funkcji DynDNS

CVE-2025-45490CRITICAL9.8PL ✓ten sam produkt

Command injection w Linksys E5600 via parametr password funkcji DynDNS