CVE-2025-8821
BaseFortify
Publication date: 2025-08-11
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 |
| linksys | re6250 | * |
| linksys | re6300_firmware | 1.2.07.001 |
| linksys | re6300 | * |
| linksys | re6350_firmware | 1.0.04.001 |
| linksys | re6350 | * |
| linksys | re7000_firmware | 1.1.05.003 |
| linksys | re7000 | * |
| linksys | re9000_firmware | 1.0.04.002 |
| linksys | re9000 | * |
| linksys | re6500_firmware | 1.0.013.001 |
| linksys | re6500 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8821 is an OS command injection vulnerability found in multiple Linksys range extender models (RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000) with firmware versions up to August 1, 2025. The vulnerability exists in the RP_setBasic function, specifically in the handling of the 'bssid' parameter. Because this parameter is not properly sanitized or validated, an attacker can remotely inject and execute arbitrary operating system commands by sending crafted requests targeting this parameter. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing remote attackers to execute arbitrary OS commands on affected devices without authentication. This compromises the confidentiality, integrity, and availability of the device, potentially leading to unauthorized access, data leakage, device malfunction, or complete takeover of the device. Since the exploit is publicly available and easy to use, the risk of exploitation is significant. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious requests targeting the /goform/RP_setBasic endpoint, specifically those manipulating the 'bssid' parameter with unusual or command-like input. Network intrusion detection systems (NIDS) can be configured to alert on HTTP requests containing suspicious payloads in the 'bssid' argument. Additionally, inspecting router logs for unexpected commands or errors related to RP_setBasic may help. Since the vulnerability involves OS command injection, commands like 'curl' or 'wget' can be used to test the endpoint by sending crafted requests to see if the device executes injected commands. For example, a command to test might be: curl -X POST http://<router-ip>/goform/RP_setBasic -d "bssid=;id;" to check if the 'id' command output is reflected or causes abnormal behavior. However, no specific detection commands or tools are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing use of the affected Linksys range extender models (RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000) with firmware versions up to 20250801, as no patches or vendor mitigations are currently available. Consider replacing these devices with alternatives not affected by this vulnerability. Additionally, restrict remote access to the devices, disable any unnecessary remote management features, and monitor network traffic for exploitation attempts. Since the vendor has not responded or provided fixes, proactive device replacement and network-level protections are recommended. [2]