CVE-2025-52692
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-19

Last updated on: 2025-12-23

Assigner: CSA

Description
Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2025-12-23
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-52692
EUVD
EUVD-2025-204429
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linksys e9450-sg_firmware 1.2.00.052
linksys e9450-sg *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linksys E9450-SG router (version 1.2.00.052) and allows an attacker with local network access to send a specially crafted URL to the router. This crafted URL enables the attacker to access certain administrative functions without needing to provide login credentials. [1]

Impact Analysis

If exploited, this vulnerability could allow an attacker on the local network to gain unauthorized access to the router's administrative functions. This could lead to full compromise of the router, including changes to configuration, interception or redirection of network traffic, and potential disruption of network availability. [1]

Detection Guidance

Detection involves monitoring for attempts to access the router's administration functions via specially crafted URLs from local network sources. Network administrators can use tools like curl or wget to simulate such requests and observe if administrative functions are accessible without authentication. For example, using curl to send crafted HTTP requests to the router's IP address and checking for unauthorized access responses. Additionally, network traffic analysis tools like Wireshark can be used to detect suspicious HTTP requests targeting the router's admin interface. [1]

Mitigation Strategies

Immediate mitigation steps include disabling remote administration on the affected Linksys E9450-SG router, restricting router management access to trusted local devices only, and avoiding enabling Telnet access. Since no firmware updates or patches will be released due to the device's End-of-Life status, it is also recommended to consider upgrading to a currently supported Linksys model to ensure continued security. [1]

Compliance Impact

The vulnerability allows unauthorized access to administrative functions without login credentials, which could lead to unauthorized data access or control over the device. This poses a risk to the confidentiality, integrity, and availability of data managed by the router, potentially leading to non-compliance with standards and regulations such as GDPR and HIPAA that require protection of sensitive data and secure access controls. Since no patches are available due to the device's End-of-Life status, organizations using this router should mitigate risks by disabling remote administration, restricting management access, and upgrading to supported models to maintain compliance. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52692. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart