E2500 Firmware
Monthly
Improper access control in the Linksys E2500 wireless router (firmware 3.0.04.002) stems from its bundled vsftpd FTP service, where the reporter flags the chroot_local_user setting as enabling unauthorized reach into system files, privilege escalation, or lateral pivoting into the internal network. The E2500 is a discontinued consumer/SOHO router, and no public exploit identified at time of analysis; EPSS estimates only a 1.08% exploitation probability (61st percentile). Notably, the single reference is a third-party GitHub gist rather than a vendor advisory, and the technical claim is internally inconsistent (see risk assessment).
A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Improper access control in the Linksys E2500 wireless router (firmware 3.0.04.002) stems from its bundled vsftpd FTP service, where the reporter flags the chroot_local_user setting as enabling unauthorized reach into system files, privilege escalation, or lateral pivoting into the internal network. The E2500 is a discontinued consumer/SOHO router, and no public exploit identified at time of analysis; EPSS estimates only a 1.08% exploitation probability (61st percentile). Notably, the single reference is a third-party GitHub gist rather than a vendor advisory, and the technical claim is internally inconsistent (see risk assessment).
A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.