Router CVE Weekly Digest — Week of Jun 23, 2025

Published June 23, 2025 · RouterCVE Weekly Digest

9 CVEs · 2 Critical · 5 High · 1 Medium

Affected Vendors

  • Cisco – 3 CVEs (2 Critical, 1 Medium)
  • Linksys – 3 CVEs (2 High, 1 None)
  • Netgear – 3 CVEs (3 High)

Overview

This week brings nine new router and network device vulnerabilities, including two critical flaws in Cisco ISE systems that require immediate attention. The remaining issues affect consumer and enterprise Wi-Fi equipment across Linksys and Netgear product lines, with multiple high-severity buffer overflow and command injection vulnerabilities.

Critical: Cisco ISE Remote Code Execution

Cisco Identity Services Engine (ISE) and ISE-PIC users face two critical threats this week, both carrying the maximum CVSS score of 10.0. CVE-2025-20281 allows unauthenticated remote attackers to execute arbitrary code as root via a specific API endpoint, while CVE-2025-20282 enables arbitrary file upload and execution through an internal API. Both require zero authentication and pose an immediate risk to ISE deployments exposed to untrusted networks.

Action: Check Cisco security advisories immediately for patched ISE versions. If your ISE appliances are internet-facing or accessible from untrusted networks, prioritize patching above all other updates.

High-Severity: Linksys and Netgear Buffer Overflows

Linksys users should patch multiple models urgently. CVE-2025-6752 (CVSS 8.8) affects WRT1900ACS, EA7200, EA7450, and EA7500 through firmware version 20250619, while CVE-2025-6751 impacts the E8450 up to version 1.2.00.360516. Both stem from improper input validation in critical functions.

Netgear customers face similar risks: CVE-2025-6565 affects the WNCE3001, CVE-2025-6511 impacts the EX6150, and CVE-2025-6510 targets the EX6100. All three are stack-based buffer overflows (CVSS 8.8) in HTTP request handling components.

Action: Check manufacturer websites for firmware updates. Buffer overflow vulnerabilities are reliably exploitable; treat these as high priority even if exploits aren't yet public.

Command Injection: Linksys E-Series

CVE-2025-34037 describes an OS command injection flaw in Linksys E-Series routers via unprotected CGI endpoints (/tmUnblock.cgi and /hndUnblock.cgi) on port 8080. Though rated "None" severity by the source, the underlying command injection vulnerability poses genuine risk and warrants investigation and patching.
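
A defender's check for the exposure described above, added here as an example and not part of the original digest: it scans HTTP log records for requests to the two CGI endpoints on port 8080. The JSON-lines layout and the field names (src_ip, dest_ip, dest_port, method, url) are assumptions; map them to whatever your proxy, firewall or IDS actually logs.

```python
import json
from urllib.parse import unquote

# Endpoints and port named in the digest for CVE-2025-34037.
WATCHED_PATHS = {"/tmunblock.cgi", "/hndunblock.cgi"}
WATCHED_PORT = 8080


def normalize_path(url):
    """Strip query/fragment, percent-decode, lowercase, collapse repeated slashes."""
    path = url.split("?", 1)[0].split("#", 1)[0]
    path = unquote(path).lower()  # case-insensitive on purpose: over-match, not miss
    while "//" in path:
        path = path.replace("//", "/")
    return path


def find_cgi_requests(lines):
    """Return (src_ip, dest_ip, method, path) for each request to a watched endpoint."""
    hits = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if not isinstance(rec, dict) or rec.get("dest_port") != WATCHED_PORT:
            continue
        path = normalize_path(str(rec.get("url", "")))
        if path in WATCHED_PATHS:
            hits.append((rec.get("src_ip"), rec.get("dest_ip"), rec.get("method"), path))
    return hits


# Constructed sample records (assumed field names, documentation address ranges).
SAMPLE_LOG = [
    '{"src_ip":"203.0.113.7","dest_ip":"192.0.2.1","dest_port":8080,"method":"POST","url":"/tmUnblock.cgi"}',
    '{"src_ip":"203.0.113.7","dest_ip":"192.0.2.1","dest_port":8080,"method":"GET","url":"//HNDUnblock.cgi?x=1"}',
    '{"src_ip":"198.51.100.9","dest_ip":"192.0.2.1","dest_port":80,"method":"GET","url":"/tmUnblock.cgi"}',
    '{"src_ip":"198.51.100.9","dest_ip":"192.0.2.1","dest_port":8080,"method":"GET","url":"/index.html"}',
    '{"src_ip":"198.51.100.9","dest_ip":',
]

if __name__ == "__main__":
    for src, dst, method, path in find_cgi_requests(SAMPLE_LOG):
        print(f"{src} -> {dst}:{WATCHED_PORT} {method} {path}")
```

Any hit from an untrusted source address means the management CGI is reachable where it should not be, which is worth fixing regardless of patch status.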

Also this week: CVE-2025-20264 is a medium-severity authorization bypass in Cisco ISE's web interface that requires prior authentication. It is lower priority than the critical API flaws but still worth patching during your next maintenance window.