CVE-2025-4999 – Linksys FGW3000 HTTP POST Request Handler Command Injection Vulnerability

May 20, 2025

CVE ID : CVE-2025-4999

Published : May 20, 2025, 9:15 p.m. | 2 hours, 18 minutes ago

Description : A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153FC of the file /cgi-bin/sysconf.cgi of the component HTTP POST Request Handler. The manipulation of the argument supplicant_rnd_id_en leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5001 – GNU PSPP calloc Integer Overflow Vulnerability

Next Article CVE-2025-5000 – “Linksys FGW3000 HTTP POST Request Handler Command Injection Vulnerability”

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

“A fantastic device for creative users” — this $550 discount on ASUS’s 3K OLED creator laptop disappears before Prime Day

Distribution Release: Rhino Linux 2025.3

Token System using PHP and MySQL

Token System using PHP and MySQL

Create React UI component with uncontrollable

Flaget – new small 5kB CLI argument parser

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 27/2025

CVE-2025-4999 – Linksys FGW3000 HTTP POST Request Handler Command Injection Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

CVE-2025-44887 – Fujitsu Workstation WGS-804HPT Stack Overflow Vulnerability

Laravel Too Many Login Attempts: Restrict and Customize

Samsung MagicINFO 9 Server Vulnerability Exploited in the Wild

Google CEO claims the probability of AI causing existential doom is “pretty high” — but he’s banking on humanity to rally against the imminent catastrophe

Samsung’s next Galaxy S25 phone has an Ultra-level camera – and a free preorder deal

CVE-2025-25026 – IBM Security Guardium Authentication Bypass Vulnerability

CVE-2025-6702 – “Litemall Remote Unauthorized Access Vulnerability”

5 steps to improve your charity website’s navigation

CVE-2025-4999 – Linksys FGW3000 HTTP POST Request Handler Command Injection Vulnerability

Related Posts