CVE-2025-34037
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability was reported to be exploited in the wild by the "TheMoon" worm in 2014 to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. Additionally, this vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-06 UTC.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linksys | E4200 | 0 < 1.0.06 | affected |
| Linksys | E3200 | 0 < 1.0.05 | affected |
| Linksys | E3000 | 0 < 1.0.06 | affected |
| Linksys | E2500 v1/v2 | 0 < 2.0.00 | affected |
| Linksys | E2100L v1 | 0 <= 1.0.05 | affected |
| Linksys | E2000 | 0 | affected |
| Linksys | E1550 | 0 <= 1.0.03 | affected |
| Linksys | E1500 v1 | 0 < 1.0.06 | affected |
| Linksys | E1200 v1 | 0 <= 1.0.04 | affected |
| Linksys | E1000 v1 | 0 < 2.1.03 | affected |
| Linksys | E900 v1 | 0 < 1.0.04 | affected |
Weaknesses
- CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: total
References
- https://isc.sans.edu/diary/17633
- https://www.exploit-db.com/exploits/31683
- https://vulncheck.com/advisories/linksys-routers-command-injection
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.