Skip to main content

E5600 Firmware CVE-2025-29230

HIGH
Command Injection (CWE-77)
2025-03-21 cve@mitre.org
8.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:32 vuln.today
CVE Published
Mar 21, 2025 - 17:15 nvd
HIGH 8.6

DescriptionCVE.org

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the pt["email"] parameter.

AnalysisAI

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via the pt["email"] parameter. Affected products include: Linksys E5600 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2025-45491 CRITICAL POC
9.8 May 06

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS fun

CVE-2025-45488 CRITICAL POC
9.8 May 06

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS fun

CVE-2025-45487 CRITICAL POC
9.8 May 06

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection fu

CVE-2025-45490 CRITICAL POC
9.8 May 06

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS fun

CVE-2025-45489 CRITICAL POC
9.8 May 06

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS fun

CVE-2024-33789 CRITICAL POC
9.8 May 03

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info

CVE-2024-33788 HIGH POC
8.0 May 06

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/in

CVE-2025-29227 MEDIUM
6.3 Mar 21

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtim

CVE-2025-29226 MEDIUM
6.3 Mar 21

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtim

CVE-2025-29223 MEDIUM
6.3 Mar 21

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRou

CVE-2025-9146 HIGH POC
7.5 Aug 19

A flaw has been found in Linksys E5600 1.1.0.26. Rated high severity (CVSS 7.5), this vulnerability is remotely exploita

CVE-2025-22997 MEDIUM POC
4.8 Jan 15

A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. Rated

Share

CVE-2025-29230 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy