ID
VAR-201402-0700
CVE
CVE-2025-34037
TITLE
Multiple Secure Bypass Vulnerabilities in Linksys Multiple E-Series Routers
Trust: 0.6
DESCRIPTION
An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process user-supplied input passed to the ttcp_ip parameter without sanitization, allowing unauthenticated attackers to inject shell commands. This vulnerability is exploited in the wild by the "TheMoon" worm to deploy a MIPS ELF payload, enabling arbitrary code execution on the router. This vulnerability may affect other Linksys products to include, but not limited to, WAG/WAP/WES/WET/WRT-series router models and Wireless-N access points and routers. Linksys E-series routers are popular router devices. Multiple Linksys E-series routers have multiple security vulnerabilities that allow malicious users to bypass some of the security restrictions: 1. 2. The device fails to properly restrict access to the console, allowing an attacker to access restricted functionality through the TCP port 8083
Trust: 1.44
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | linksys e4200 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys ea4500 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys ea3500 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys ea2700 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys e1000 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys e2100l | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys e1500 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys e2500 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys e2500 build | scope: | eq | version: | 1.0.034 | Trust: 0.6 |
| vendor: | cisco | model: | linksys e1550 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys e1200 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys e3200 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys e3000 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys e2000 | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | linksys e900 | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.0 |
| problemtype: | CWE-78 | Trust: 1.0 |
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 31683 | Trust: 1.6 |
| db: | NVD | id: | CVE-2025-34037 | Trust: 1.0 |
| db: | PACKETSTORM | id: | 125242 | Trust: 0.6 |
| db: | EXPLOITDB | id: | 31683 | Trust: 0.6 |
| db: | OSVDB | id: | 103321 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2014-01260 | Trust: 0.6 |
REFERENCES
| url: | https://vulncheck.com/advisories/linksys-routers-command-injection | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/31683 | Trust: 1.0 |
| url: | https://isc.sans.edu/diary/17633 | Trust: 1.0 |
| url: | http://osvdb.org/show/osvdb/103321 | Trust: 0.6 |
| url: | http://www.exploit-db.com/exploits/31683/ | Trust: 0.6 |
| url: | http://www.reddit.com/r/netsec/comments/1xy9k6/that_new_linksys_worm/ | Trust: 0.6 |
| url: | http://packetstormsecurity.com/files/125242/linksys-ea2700-ea3500-e4200-ea4500-authentication-bypass.html | Trust: 0.6 |
SOURCES
| db: | CNVD | id: | CNVD-2014-01260 |
| db: | NVD | id: | CVE-2025-34037 |
LAST UPDATE DATE
2025-06-27T23:10:33.533000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2014-01260 | date: | 2015-08-04T00:00:00 |
| db: | NVD | id: | CVE-2025-34037 | date: | 2025-06-26T18:58:14.280 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2014-01260 | date: | 2014-02-26T00:00:00 |
| db: | NVD | id: | CVE-2025-34037 | date: | 2025-06-24T01:15:25.037 |