Linksys E5600
18 CVEs affecting Linksys E5600. Latest disclosed: 2025-12-23. Critical: 8, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-29229 | Critical | 9.8 | 2025-12-23 | linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus. |
CVE-2025-29228 | Critical | 9.8 | 2025-12-23 | Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter. |
CVE-2025-45491 | Critical | 9.8 | 2025-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the username parameter. |
CVE-2025-45490 | Critical | 9.8 | 2025-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the password parameter. |
CVE-2025-45489 | Critical | 9.8 | 2025-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the hostname parameter. |
CVE-2025-45488 | Critical | 9.8 | 2025-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.ddnsStatus DynDNS function via the mailex parameter. |
CVE-2025-45487 | Critical | 9.8 | 2025-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.InternetConnection function. |
CVE-2024-33789 | Critical | 9.8 | 2024-05-03 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the ipurl parameter at /API/info form endpoint. |
CVE-2025-29230 | High | 8.6 | 2025-03-21 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. The vulnerability can be triggered via th… |
CVE-2024-33788 | High | 8.0 | 2024-05-06 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at /API/info form endpoint. |
CVE-2023-30305 | High | 7.5 | 2024-05-28 | An issue discovered in Linksys E5600 routers allows attackers to hijack TCP sessions which could lead to a denial of service. |
CVE-2025-9146 | Medium | 6.6 | 2025-08-19 | A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Han… |
CVE-2025-29227 | Medium | 6.3 | 2025-03-21 | In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize… |
CVE-2025-29226 | Medium | 6.3 | 2025-03-21 | In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"]… |
CVE-2025-29223 | Medium | 6.3 | 2025-03-21 | Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function. |
CVE-2025-29231 | Medium | 6.1 | 2025-12-16 | A stored cross-site scripting (XSS) vulnerability in the page_save component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HT… |
CVE-2025-22997 | Medium | 4.8 | 2025-01-15 | A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrar… |
CVE-2025-22996 | Medium | 4.8 | 2025-01-15 | A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrar… |