CVE-2025-29228
Published: 23 December 2025
Description
Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates command injection by requiring validation and sanitization of the unsanitized mc.ip parameter in the runtime.macClone function.
Enables timely identification, reporting, and patching of the specific input sanitization flaw in firmware V1.1.0.26 to remediate the vulnerability.
Enforces access control mechanisms to require authentication before allowing access to the vulnerable unauthenticated runtime.macClone endpoint.
Security SummaryAI
CVE-2025-29228 is a command injection vulnerability (CWE-77) affecting the Linksys E5600 router on firmware version V1.1.0.26. The issue occurs in the runtime.macClone function, where the mc.ip parameter fails to properly sanitize user input, enabling attackers to inject and execute arbitrary shell commands. Published on 2025-12-23, it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its severe potential impact.
Any unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required. Exploitation allows remote arbitrary command execution, resulting in high confidentiality, integrity, and availability impacts, such as full device compromise, data theft, or further network pivoting.
Details on exploitation and potential mitigations are available in the referenced advisory at https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_macClone_mc.ip/CI_macClone_mc.ip.md. No vendor patches or additional official remediation guidance are specified in the available information.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables unauthenticated remote exploitation of a public-facing router web interface (T1190) via command injection for arbitrary Unix shell command execution (T1059.004).