CVE-2025-52692
BaseFortify
Publication date: 2025-12-19
Last updated on: 2025-12-23
Assigner: CSA
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linksys | e9450-sg_firmware | 1.2.00.052 |
| linksys | e9450-sg | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linksys E9450-SG router (version 1.2.00.052) and allows an attacker with local network access to send a specially crafted URL to the router. This crafted URL enables the attacker to access certain administrative functions without needing to provide login credentials. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker on the local network to gain unauthorized access to the router's administrative functions. This could lead to full compromise of the router, including changes to configuration, interception or redirection of network traffic, and potential disruption of network availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for attempts to access the router's administration functions via specially crafted URLs from local network sources. Network administrators can use tools like curl or wget to simulate such requests and observe if administrative functions are accessible without authentication. For example, using curl to send crafted HTTP requests to the router's IP address and checking for unauthorized access responses. Additionally, network traffic analysis tools like Wireshark can be used to detect suspicious HTTP requests targeting the router's admin interface. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling remote administration on the affected Linksys E9450-SG router, restricting router management access to trusted local devices only, and avoiding enabling Telnet access. Since no firmware updates or patches will be released due to the device's End-of-Life status, it is also recommended to consider upgrading to a currently supported Linksys model to ensure continued security. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized access to administrative functions without login credentials, which could lead to unauthorized data access or control over the device. This poses a risk to the confidentiality, integrity, and availability of data managed by the router, potentially leading to non-compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive data and secure access controls. Since no patches are available due to the device's End-of-Life status, organizations using this router should mitigate risks by disabling remote administration, restricting management access, and upgrading to supported models to maintain compliance. [1]