Cyber Posture

CVE-2025-29230

High

Published: 21 March 2025

Published
21 March 2025
Modified
01 April 2025
KEV Added
Patch
CVSS Score 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
EPSS Score 0.0025 48.3th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may abuse Unix shell commands and scripts for execution.

Security Summary

CVE-2025-29230 is a command injection vulnerability (CWE-77) in the Linksys E5600 router firmware version 1.1.0.26. The issue exists in the runtime.emailReg function, which can be triggered via the pt["email"] parameter, allowing injection of malicious commands.

With a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L), the vulnerability is exploitable over the network by unauthenticated attackers requiring low complexity and no user interaction. Attackers can achieve high integrity impact through arbitrary command execution, alongside low confidentiality and availability impacts, potentially leading to full device compromise.

Mitigation details are available in the referenced advisory at https://github.com/JZP018/Vuln/blob/main/linsys/E5600/CI_emailReg_email/CI_emailReg_email.md, published on 2025-03-21.

Details

CWE(s)
CWE-77

Affected Products

linksys
e5600 firmware
1.1.0.26

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
attack.mitre.org →
Why these techniques?

Command injection in public-facing router web interface directly enables T1190 (Exploit Public-Facing Application) for unauthenticated network access and T1059.004 (Unix Shell) for arbitrary command execution on the device.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References