CVE-2025-8823
BaseFortify
Publication date: 2025-08-11
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 |
| linksys | re6250 | * |
| linksys | re6300_firmware | 1.2.07.001 |
| linksys | re6300 | * |
| linksys | re6350_firmware | 1.0.04.001 |
| linksys | re6350 | * |
| linksys | re7000_firmware | 1.1.05.003 |
| linksys | re7000 | * |
| linksys | re9000_firmware | 1.0.04.002 |
| linksys | re9000 | * |
| linksys | re6500_firmware | 1.0.013.001 |
| linksys | re6500 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8823 is an OS command injection vulnerability in multiple Linksys range extender models (RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000) up to firmware version 20250801. The vulnerability exists in the setDeviceName function of the /goform/setDeviceName file, where the DeviceName parameter is not properly sanitized. This allows a remote attacker to inject and execute arbitrary operating system commands on the device, potentially compromising the device's confidentiality, integrity, and availability. [1, 2]
How can this vulnerability impact me? :
This vulnerability allows remote attackers to execute arbitrary OS commands on affected Linksys devices without physical access. Exploitation can lead to unauthorized control over the device, potentially resulting in compromised confidentiality, integrity, and availability of the device and its network. Attackers could disrupt device operation, steal sensitive information, or use the device as a foothold for further attacks. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP requests targeting the /goform/setDeviceName endpoint with unusual or malicious payloads in the DeviceName parameter that may contain OS command injection attempts. Network intrusion detection systems (NIDS) can be configured to look for such patterns. Additionally, you can use curl or similar tools to test the endpoint by sending crafted requests to see if command injection is possible. For example, a command to test might be: curl -X POST http://<device-ip>/goform/setDeviceName -d 'DeviceName=;id' and observe if the response or device behavior indicates command execution. However, no specific detection commands or signatures are provided in the resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing the use of affected Linksys range extender models (RE6250, RE6300, RE6350, RE6500, RE7000, RE9000) running vulnerable firmware versions up to 20250801, as no official patches or mitigations have been published by the vendor. Consider replacing affected devices with secure alternatives. Additionally, restrict remote access to the devices, disable remote management if possible, and monitor network traffic for exploitation attempts. Since the vendor did not respond to the disclosure and no fixes are available, device replacement is the recommended mitigation. [1]