88
CVEs
8
Critical
50
High
0
KEV
81
PoC
58
Unpatched C/H
0.0%
Patch Rate
1.1%
Avg EPSS
Severity Breakdown
CRITICAL
8
HIGH
50
MEDIUM
30
LOW
0
Monthly CVE Trend
Affected Products (16)
Re7000 Firmware
44
Re6300 Firmware
43
Re6250 Firmware
43
Re6350 Firmware
43
Re9000 Firmware
43
Re6500 Firmware
42
Command Injection
34
E5600 Firmware
12
E8450 Firmware
10
E7350 Firmware
8
E1200 Firmware
6
Stack Overflow
6
E1700 Firmware
4
Fgw3000 Ah Firmware
2
Fgw3000 Hk Firmware
2
Wap610N Firmware
1
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-45491 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.9%. | CRITICAL | 9.8 | 11.9% | 81 |
PoC
No patch
|
| CVE-2025-45488 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 9.5% | 79 |
PoC
No patch
|
| CVE-2025-45487 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 |
PoC
No patch
|
| CVE-2025-45489 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 |
PoC
No patch
|
| CVE-2025-45490 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 7.2% | 76 |
PoC
No patch
|
| CVE-2025-60690 | A stack-based buffer overflow vulnerability exists in the Linksys E1200 v2 router firmware that allows remote attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability occurs in the httpd binary's get_merge_ipaddr function, which improperly concatenates user-supplied CGI parameters into a fixed-size buffer without bounds checking. With publicly available proof-of-concept exploits and an EPSS score of 0.57% (68th percentile), this represents a moderate exploitation risk for affected devices. | HIGH | 8.8 | 0.6% | 65 |
PoC
No patch
|
| CVE-2026-4558 | Unauthenticated attackers can inject arbitrary operating system commands through manipulated parameters in the SmartConnect configuration function of Linksys MR9600 firmware version 2.0.6.206937, achieving remote code execution with high privileges. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The attack requires only network access and low complexity, making it immediately exploitable in affected deployments. | HIGH | 8.8 | 0.2% | 64 |
PoC
No patch
|
| CVE-2025-29230 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available. | HIGH | 8.6 | 0.6% | 44 |
No patch
|
| CVE-2025-25522 | Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available. | HIGH | 7.3 | 0.1% | 37 |
No patch
|
| CVE-2025-29223 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 6.3 | 0.6% | 32 |
No patch
|
| CVE-2025-29226 | In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 6.3 | 0.6% | 32 |
No patch
|
| CVE-2025-29227 | In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 6.3 | 0.6% | 32 |
No patch
|
| CVE-2024-57222 | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.3 | 0.9% | – |
PoC
No patch
|
| CVE-2024-57223 | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.3% | – |
PoC
No patch
|
| CVE-2024-57224 | Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 2.9% | – |
PoC
No patch
|