A high-severity vulnerability, identified as CVE-2025-9360, has been discovered in multiple Linksys Wi-Fi range extenders. This flaw could allow a remote attacker to gain complete control over an affected device, potentially leading to network traffic interception, unauthorized access to the internal network, and service disruption. Immediate application of vendor-provided security updates is required to mitigate this significant risk.

The vulnerability is an unauthenticated command injection flaw within the web-based management interface of the affected devices. An unauthenticated attacker on the same network segment can send a specially crafted HTTP request to a specific API endpoint on the device. Due to insufficient input validation, the attacker's payload is executed directly by the underlying operating system with root-level privileges, granting them complete control over the device.

This vulnerability is rated as High severity with a CVSS score of 8.8. Exploitation could have a significant negative impact on business operations. A successful attacker could gain full administrative control of the network device, leading to severe consequences such as eavesdropping on sensitive network traffic, modifying network configurations to redirect users to malicious sites, or using the compromised device as a pivot point to launch further attacks against other critical assets on the internal network. The potential for network disruption and data breaches poses a direct risk to business continuity and data confidentiality.

Immediate Action:

• Identify all vulnerable Linksys devices within the environment.
• Apply the security updates and firmware patches provided by Linksys immediately to all affected models.
• After patching, review device access logs for any signs of compromise or unauthorized access that may have occurred prior to remediation.

Proactive Monitoring:

• Monitor network traffic for unusual outbound connections originating from the Linksys devices to unknown or suspicious IP addresses.
• Review system and access logs on the devices for unauthorized configuration changes, unexpected reboots, or anomalous login attempts.
• Implement intrusion detection system (IDS) rules to detect and alert on network activity matching known exploitation patterns for command injection vulnerabilities.

Compensating Controls:

• If immediate patching is not feasible, restrict network access to the device's management interface. Ensure it is not exposed to the internet.
• Limit access to the management interface to a dedicated management VLAN or a specific list of trusted administrative IP addresses.
• Implement network segmentation to isolate the Wi-Fi extenders from critical servers and sensitive corporate subnets.

Public Exploit Available: false

Given the High severity (CVSS 8.8) of this vulnerability and the potential for complete device compromise, it is strongly recommended that the organization prioritizes the immediate patching of all affected Linksys devices. While this CVE is not currently on the CISA KEV catalog, its high impact makes it a prime candidate for future inclusion if widespread exploitation occurs. If patching cannot be performed immediately, implement the recommended compensating controls, particularly restricting access to the management interface, to reduce the attack surface and mitigate risk.