CVE-2025-9244

6.3 MEDIUM

📋 TL;DR

This CVE describes an OS command injection vulnerability in Linksys RE series range extenders. Attackers can remotely execute arbitrary commands by manipulating parameters in the addStaticRoute function. All users of affected Linksys RE models with vulnerable firmware versions are at risk.

💻 Affected Systems

Products:
  • Linksys RE6250
  • Linksys RE6300
  • Linksys RE6350
  • Linksys RE6500
  • Linksys RE7000
  • Linksys RE9000
Versions: 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, 1.2.07.001
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running listed firmware versions are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise allowing attackers to install persistent backdoors, pivot to internal networks, or use the device as a botnet node.

🟠 Likely Case

Unauthorized access to device configuration, network reconnaissance, or launching attacks against other devices on the network.

🟢 If Mitigated

Limited impact if the device is isolated or network segmentation prevents lateral movement.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication.
🏢 Internal Only: HIGH - Device is typically deployed on internal networks where exploitation could lead to lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. Attack requires network access to device web interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: https://www.linksys.com/

Restart Required: No

Instructions:

Check the Linksys support site for firmware updates. No official patch has been confirmed; the vendor has not responded to the disclosure.

🔧 Temporary Workarounds

  • Disable remote administration (applies to: all listed models): prevent external access to the device web interface
  • Network segmentation (applies to: all listed models): isolate range extenders on a separate VLAN

🧯 If You Can't Patch

  • Replace affected devices with non-vulnerable models
  • Implement strict firewall rules to block all inbound traffic to device management interface

🔍 How to Verify

Check if Vulnerable:

Check device firmware version via web interface at http://[device-ip]/ or using device management app.

Check Version:

curl -s http://[device-ip]/ | grep -i firmware

Alternatively, read the firmware version from the device web interface.

Verify Fix Applied:

Verify firmware version is no longer in affected range. Test if addStaticRoute endpoint responds to command injection attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/addStaticRoute with shell metacharacters
  • Failed authentication attempts to device management interface

Network Indicators:

  • Unexpected outbound connections from range extender
  • Traffic to suspicious IPs from device

SIEM Query:

source="linksys-extender" AND (url="/goform/addStaticRoute" OR cmd="*;*" OR cmd="*|*")
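The log indicator above (POSTs to /goform/addStaticRoute carrying shell metacharacters) as a standalone detector, written here as an added example rather than code from the advisory or from Linksys. It assumes a common-log-style line with the request body appended in quotes, and the parameter names dest, mask and gateway are constructed placeholders, since the firmware's real field names are not given on this page.

```python
import re
import ipaddress
from urllib.parse import parse_qs

# Constructed sample access-log lines (not real Linksys logs). The format is a
# common-log prefix with the request body appended in quotes; the parameter
# names (dest, mask, gateway) are assumed, not taken from the firmware.
SAMPLE_LOGS = [
    '192.168.1.50 - - [12/Sep/2025:10:01:02 +0000] "POST /goform/addStaticRoute HTTP/1.1" 200 '
    '"dest=10.0.0.0&mask=255.255.255.0&gateway=192.168.1.1"',
    '192.168.1.77 - - [12/Sep/2025:10:01:09 +0000] "POST /goform/addStaticRoute HTTP/1.1" 200 '
    '"dest=10.0.0.0&mask=255.255.255.0&gateway=192.168.1.1%3Bx"',
    '192.168.1.77 - - [12/Sep/2025:10:01:15 +0000] "GET /index.html HTTP/1.1" 200 ""',
]

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) "(?P<body>[^"]*)"$'
)
# Characters a shell would interpret; checked on the URL-decoded parameter values.
META_RE = re.compile(r"[;|&`$()<>\n]")
TARGET = "/goform/addStaticRoute"


def value_reasons(value):
    """Return why one route parameter looks abnormal (empty list if it is fine)."""
    reasons = []
    if META_RE.search(value):
        reasons.append("shell metacharacter")
    try:
        ipaddress.IPv4Address(value)  # route fields are expected to be plain addresses
    except ValueError:
        reasons.append("not a dotted-quad IPv4 address")
    return reasons


def scan(lines):
    """Flag POSTs to the addStaticRoute handler whose parameters are not plain IPv4 values."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"] != TARGET:
            continue
        bad = {}
        for key, values in parse_qs(m["body"], keep_blank_values=True).items():
            for v in values:
                reasons = value_reasons(v)
                if reasons:
                    bad[key] = (v, reasons)
        if bad:
            alerts.append({"src": m["src"], "ts": m["ts"], "params": bad})
    return alerts
```

Requiring both the endpoint and an abnormal value keeps ordinary static-route changes from the admin UI out of the alert stream.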
