Skip to main content

Ea6350 Firmware

1 CVEs product

Monthly

CVE-2025-44657 LOW Monitor

Improper access control in Linksys EA6350 firmware 2.1.2 exposes the embedded vsftpd FTP service via a misconfigured chroot_local_user directive in a dynamically generated configuration file, allowing authenticated FTP users to traverse outside their intended jail and access sensitive system files. Affected users of this specific firmware version could face local privilege escalation or use of the device as a network pivot point for lateral movement into attached internal segments. No public exploit code has been confirmed, EPSS sits at 0.28% (20th percentile), and the device carries no CISA KEV listing, collectively suggesting limited real-world threat activity at this time.

Authentication Bypass Privilege Escalation Linksys Ea6350 Firmware
NVD GitHub
CVSS 3.1
3.9
EPSS
0.3%
EPSS 0% CVSS 3.9
LOW Monitor

Improper access control in Linksys EA6350 firmware 2.1.2 exposes the embedded vsftpd FTP service via a misconfigured chroot_local_user directive in a dynamically generated configuration file, allowing authenticated FTP users to traverse outside their intended jail and access sensitive system files. Affected users of this specific firmware version could face local privilege escalation or use of the device as a network pivot point for lateral movement into attached internal segments. No public exploit code has been confirmed, EPSS sits at 0.28% (20th percentile), and the device carries no CISA KEV listing, collectively suggesting limited real-world threat activity at this time.

Authentication Bypass Privilege Escalation Linksys +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy