Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Vulnerability in Linksys Router

19 December 2025

A vulnerability has been discovered in Linksys router. Users and administrators of the affected product version are advised to implement the recommended mitigation measures.

Background

A vulnerability (CVE-2025-52692) has been discovered in Linksys router. The vulnerability has a Common Vulnerability Scoring System (CVSS3.1) score of 8.8 out of 10.

Impact

Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials.

Affected Products

The vulnerability affects Linksys E9450-SG version 1.2.00.052.

Mitigation

As the Linksys E9450-SG has reached End-of-Life status, no firmware update is planned for this issue. Users and administrators of the affected product version are advised to:

  • Disable remote administration

  • Restrict router management access to trusted devices on the local network

  • Avoid enabling Telnet access

  • Consider upgrading to a model actively supported by Linksys

Credits

CSA would like to express appreciation to Cyber Specialists 2SG Lam Jun Rong and 2SG Javier Koh from the Digital and Intelligence Service (DIS), and Dr Joseph Teo from the Centre for Strategic Infocomm Technologies (CSIT) who worked in partnership to discover the vulnerability.

Additionally, CSA would like to thank Linksys for their collaboration on the coordinated disclosure of the vulnerability.

References

https://medium.com/csit-tech-blog/cve-2025-52692-discovery-and-exploitation-of-zero-day-vulnerability-in-linksys-e9450-sg-router-cda5c829bbf9


Back to top