CVE-2025-29228

Linksys · E5600

The Linksys E5600 router is vulnerable to command injection via the runtime.macClone function, allowing for remote code execution.

Executive summary

A critical command injection vulnerability in Linksys E5600 routers enables unauthenticated attackers to execute arbitrary system commands with elevated privileges.

Vulnerability

The vulnerability exists in the runtime.macClone function and is triggered via the mc.ip parameter. An unauthenticated attacker can inject malicious shell commands, leading to full control over the affected router.

Business impact

The CVSS score of 9.8 highlights the critical nature of this flaw. Compromise of network infrastructure devices like the E5600 can allow an attacker to intercept traffic, pivot into the internal network, or permanently disable critical business connectivity.

Remediation

Immediate Action: Update the firmware of the Linksys E5600 to the latest available version provided by the manufacturer.

Proactive Monitoring: Monitor network traffic for unusual outbound connections or shell-like command patterns originating from the router's management interface.

Compensating Controls: Disable remote management features on the router and ensure the device is not accessible from the public internet.
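
One way to implement the monitoring step above, as an added example that is not part of the original advisory or any vendor tooling: an allowlist check that flags every request whose mc.ip value is not a plain IP address literal. The log line layout (client address followed by URL-encoded parameters, as a proxy or IDS in front of the management interface might record them) and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qsl

PARAM = "mc.ip"  # parameter named in the advisory


def is_plain_ip(value: str) -> bool:
    """Return True only if value is exactly one IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def suspicious_requests(lines):
    """Return (line_no, client, value) for each mc.ip value that fails the allowlist."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        # Assumed layout: "<client-ip> <url-encoded parameters>"
        client, _, params = line.strip().partition(" ")
        for key, value in parse_qsl(params, keep_blank_values=True):
            if key == PARAM and not is_plain_ip(value):
                hits.append((line_no, client, value))
    return hits


# Constructed sample lines, not captured traffic. PLACEHOLDER stands in for
# whatever follows the address in a tampered value.
SAMPLE = [
    "192.168.1.20 mc.ip=192.168.1.50",
    "203.0.113.7 mc.ip=192.168.1.50%3BPLACEHOLDER",
    "203.0.113.7 mc.ip=router.example",
    "192.168.1.21 x=1",
]

if __name__ == "__main__":
    for line_no, client, value in suspicious_requests(SAMPLE):
        print(f"line {line_no}: {client} sent non-IP {PARAM} value {value!r}")
```

Matching on what a valid value looks like, rather than on a list of known-bad characters, means encoded or unusual input is still flagged after decoding.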

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

Command injection vulnerabilities on perimeter hardware are extremely dangerous. Organizations should prioritize updating these devices and ensuring they are segmented from critical internal assets to limit the impact of potential exploitation.