CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-45490: Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password...

Description

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter.

Classification

CVE ID: CVE-2025-45490

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.89% (probability of being exploited)

EPSS Percentile: 74.41% (scored less or equal to compared to others)

EPSS Date: 2025-06-04 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-45490
https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_password/CI_ddnsStatus_DynDNS_password.pdf
https://github.com/JZP018/vuln03/blob/main/linksys/E5600/CI_ddnsStatus_DynDNS_password/CI_ddnsStatus_DynDNS_password.py

Timeline

2025-05-06 16:40:17 UTC
CVE

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password...