CVE-2025-34037
Linksys Routers E/WAG/WAP/WES/WET/WRT-Series
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- April 15, 2025
- Published Date
- June 24, 2025
- Last Updated
- June 24, 2025
- Vendor
- Linksys
- Product
- E4200, E3200, E3000, E2500 v1/v2, E2100L v1, E2000, E1550, E1500 v1, E1200 v1, E1000 v1, E900 v1
- Description
- An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability is exploited in the wild by the "TheMoon" worm to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. This vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers.
- Tags
- Score
- 3.34% (Percentile: 86.78%) as of 2025-07-17
- Exploitation
- poc
- Automatable
- Yes
- Technical Impact
- total
- Exploited in the Wild
- Yes (2025-06-24 03:40:25 UTC) Source
edge
CVSS Scores
CVSS v4.0
10.0 - CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS Score
SSVC Information
Exploit Status
References
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CVE | 2025-06-24 03:40:18 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel