Vulnerabilites related to linksys - re6350
CVE-2025-5444 (GCVE-0-2025-5444)
Vulnerability from cvelistv5
Published
2025-06-02 12:00
Modified
2025-06-02 16:28
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.310783 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.310783 | signature, permissions-required | |
| https://vuldb.com/?submit.584366 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_7/7.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6500 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5444",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T16:27:49.243918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T16:28:16.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_7/7.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion RP_UpgradeFWByBBS der Datei /goform/RP_UpgradeFWByBBS. Dank der Manipulation des Arguments type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T12:00:17.752Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310783 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_UpgradeFWByBBS os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310783"
},
{
"name": "VDB-310783 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310783"
},
{
"name": "Submit #584366 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.584366"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_7/7.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-01T19:11:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_UpgradeFWByBBS os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5444",
"datePublished": "2025-06-02T12:00:17.752Z",
"dateReserved": "2025-06-01T17:06:30.726Z",
"dateUpdated": "2025-06-02T16:28:16.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9355 (GCVE-0-2025-9355)
Vulnerability from cvelistv5
Published
2025-08-22 21:02
Modified
2025-08-25 19:22
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file /goform/scheduleAdd. Performing manipulation of the argument ruleName results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321058 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321058 | signature, permissions-required | |
| https://vuldb.com/?submit.631527 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9355",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T19:22:54.229574Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T19:22:58.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file /goform/scheduleAdd. Performing manipulation of the argument ruleName results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle gefunden. Es geht um die Funktion scheduleAdd der Datei /goform/scheduleAdd. Durch Beeinflussen des Arguments ruleName mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T21:02:07.395Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321058 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 scheduleAdd stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321058"
},
{
"name": "VDB-321058 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321058"
},
{
"name": "Submit #631527 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631527"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-22T17:45:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 scheduleAdd stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9355",
"datePublished": "2025-08-22T21:02:07.395Z",
"dateReserved": "2025-08-22T15:40:10.106Z",
"dateUpdated": "2025-08-25T19:22:58.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5447 (GCVE-0-2025-5447)
Vulnerability from cvelistv5
Published
2025-06-02 13:31
Modified
2025-06-02 13:54
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.310786 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.310786 | signature, permissions-required | |
| https://vuldb.com/?submit.584369 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_10/10.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6500 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5447",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T13:54:30.988951Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T13:54:42.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Das betrifft die Funktion ssid1MACFilter der Datei /goform/ssid1MACFilter. Durch die Manipulation des Arguments apselect_%d/newap_text_%d mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T13:31:04.197Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310786 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 ssid1MACFilter os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310786"
},
{
"name": "VDB-310786 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310786"
},
{
"name": "Submit #584369 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.584369"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_10/10.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-01T19:11:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 ssid1MACFilter os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5447",
"datePublished": "2025-06-02T13:31:04.197Z",
"dateReserved": "2025-06-01T17:06:39.070Z",
"dateUpdated": "2025-06-02T13:54:42.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8829 (GCVE-0-2025-8829)
Vulnerability from cvelistv5
Published
2025-08-11 04:02
Modified
2025-08-12 14:08
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319363 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319363 | signature, permissions-required | |
| https://vuldb.com/?submit.626694 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8829",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:08:00.735048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:08:05.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Dabei geht es um die Funktion um_red der Datei /goform/RP_setBasicAuto. Dank der Manipulation des Arguments hname mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T04:02:05.689Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319363 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_red os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319363"
},
{
"name": "VDB-319363 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319363"
},
{
"name": "Submit #626694 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626694"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_red os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8829",
"datePublished": "2025-08-11T04:02:05.689Z",
"dateReserved": "2025-08-10T07:54:04.103Z",
"dateUpdated": "2025-08-12T14:08:05.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5446 (GCVE-0-2025-5446)
Vulnerability from cvelistv5
Published
2025-06-02 13:00
Modified
2025-06-02 13:40
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.310785 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.310785 | signature, permissions-required | |
| https://vuldb.com/?submit.584368 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_9/9.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6500 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5446",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T13:39:54.797962Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T13:40:07.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion RP_checkCredentialsByBBS der Datei /goform/RP_checkCredentialsByBBS. Mit der Manipulation des Arguments pwd mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T13:00:17.423Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310785 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkCredentialsByBBS os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310785"
},
{
"name": "VDB-310785 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310785"
},
{
"name": "Submit #584368 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.584368"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_9/9.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-01T19:11:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkCredentialsByBBS os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5446",
"datePublished": "2025-06-02T13:00:17.423Z",
"dateReserved": "2025-06-01T17:06:36.240Z",
"dateUpdated": "2025-06-02T13:40:07.771Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9482 (GCVE-0-2025-9482)
Vulnerability from cvelistv5
Published
2025-08-26 13:32
Modified
2025-08-26 14:42
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function portRangeForwardAdd of the file /goform/portRangeForwardAdd. The manipulation of the argument ruleName/schedule/inboundFilter/TCPPorts/UDPPorts results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321397 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321397 | signature, permissions-required | |
| https://vuldb.com/?submit.634820 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9482",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T14:42:39.463898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:42:43.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Bond_yes (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function portRangeForwardAdd of the file /goform/portRangeForwardAdd. The manipulation of the argument ruleName/schedule/inboundFilter/TCPPorts/UDPPorts results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Betroffen ist die Funktion portRangeForwardAdd der Datei /goform/portRangeForwardAdd. Die Bearbeitung des Arguments ruleName/schedule/inboundFilter/TCPPorts/UDPPorts verursacht stack-based buffer overflow. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T13:32:11.752Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321397 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 portRangeForwardAdd stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321397"
},
{
"name": "VDB-321397 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321397"
},
{
"name": "Submit #634820 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.634820"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-26T09:40:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 portRangeForwardAdd stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9482",
"datePublished": "2025-08-26T13:32:11.752Z",
"dateReserved": "2025-08-26T07:35:47.510Z",
"dateUpdated": "2025-08-26T14:42:43.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8818 (GCVE-0-2025-8818)
Vulnerability from cvelistv5
Published
2025-08-10 22:32
Modified
2025-08-12 15:18
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319352 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319352 | signature, permissions-required | |
| https://vuldb.com/?submit.626682 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8818",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:18:20.811126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:18:23.965Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Dies betrifft die Funktion setDFSSetting der Datei /goform/setLan. Dank der Manipulation des Arguments lanNetmask/lanIp mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T22:32:07.499Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319352 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setLan setDFSSetting os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319352"
},
{
"name": "VDB-319352 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319352"
},
{
"name": "Submit #626682 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626682"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:08:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setLan setDFSSetting os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8818",
"datePublished": "2025-08-10T22:32:07.499Z",
"dateReserved": "2025-08-10T07:53:34.647Z",
"dateUpdated": "2025-08-12T15:18:23.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9483 (GCVE-0-2025-9483)
Vulnerability from cvelistv5
Published
2025-08-26 14:02
Modified
2025-08-26 15:01
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function singlePortForwardAdd of the file /goform/singlePortForwardAdd. This manipulation of the argument ruleName/schedule/inboundFilter causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321398 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321398 | signature, permissions-required | |
| https://vuldb.com/?submit.634823 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9483",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T15:01:54.282758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T15:01:59.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md#poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Bond_yes (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function singlePortForwardAdd of the file /goform/singlePortForwardAdd. This manipulation of the argument ruleName/schedule/inboundFilter causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle gefunden. Betroffen davon ist die Funktion singlePortForwardAdd der Datei /goform/singlePortForwardAdd. Dank der Manipulation des Arguments ruleName/schedule/inboundFilter mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:02:06.175Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321398 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 singlePortForwardAdd stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321398"
},
{
"name": "VDB-321398 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321398"
},
{
"name": "Submit #634823 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.634823"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-26T09:40:58.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 singlePortForwardAdd stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9483",
"datePublished": "2025-08-26T14:02:06.175Z",
"dateReserved": "2025-08-26T07:35:50.516Z",
"dateUpdated": "2025-08-26T15:01:59.378Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5440 (GCVE-0-2025-5440)
Vulnerability from cvelistv5
Published
2025-06-02 10:00
Modified
2025-06-02 12:20
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.310779 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.310779 | signature, permissions-required | |
| https://vuldb.com/?submit.584362 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_3/3.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6500 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5440",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T12:19:39.304983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T12:20:59.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist die Funktion NTP der Datei /goform/NTP. Durch das Manipulieren des Arguments manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T10:00:18.531Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310779 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 NTP os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310779"
},
{
"name": "VDB-310779 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310779"
},
{
"name": "Submit #584362 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.584362"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_3/3.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-01T19:11:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 NTP os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5440",
"datePublished": "2025-06-02T10:00:18.531Z",
"dateReserved": "2025-06-01T17:06:20.040Z",
"dateUpdated": "2025-06-02T12:20:59.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9361 (GCVE-0-2025-9361)
Vulnerability from cvelistv5
Published
2025-08-23 12:02
Modified
2025-08-25 18:05
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of the argument ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321064 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321064 | signature, permissions-required | |
| https://vuldb.com/?submit.631533 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9361",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:05:32.916158Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:05:48.015Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of the argument ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 gefunden. Es ist betroffen die Funktion ipRangeBlockManageRule der Datei /goform/ipRangeBlockManageRule. Mit der Manipulation des Arguments ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T12:02:06.669Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321064 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 ipRangeBlockManageRule stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321064"
},
{
"name": "VDB-321064 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321064"
},
{
"name": "Submit #631533 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631533"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-22T17:45:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 ipRangeBlockManageRule stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9361",
"datePublished": "2025-08-23T12:02:06.669Z",
"dateReserved": "2025-08-22T15:40:27.396Z",
"dateUpdated": "2025-08-25T18:05:48.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8831 (GCVE-0-2025-8831)
Vulnerability from cvelistv5
Published
2025-08-11 05:02
Modified
2025-08-11 20:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function remoteManagement of the file /goform/remoteManagement. The manipulation of the argument portNumber leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319365 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319365 | signature, permissions-required | |
| https://vuldb.com/?submit.626696 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8831",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T20:14:13.932565Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T20:14:17.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function remoteManagement of the file /goform/remoteManagement. The manipulation of the argument portNumber leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es betrifft die Funktion remoteManagement der Datei /goform/remoteManagement. Mit der Manipulation des Arguments portNumber mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T05:02:06.522Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319365 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 remoteManagement stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319365"
},
{
"name": "VDB-319365 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319365"
},
{
"name": "Submit #626696 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626696"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 remoteManagement stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8831",
"datePublished": "2025-08-11T05:02:06.522Z",
"dateReserved": "2025-08-10T07:54:11.765Z",
"dateUpdated": "2025-08-11T20:14:17.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5442 (GCVE-0-2025-5442)
Vulnerability from cvelistv5
Published
2025-06-02 11:00
Modified
2025-06-02 16:59
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.310781 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.310781 | signature, permissions-required | |
| https://vuldb.com/?submit.584364 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_5/5.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6500 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5442",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T16:59:01.468597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T16:59:31.782Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_5/5.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Sie wurde als kritisch eingestuft. Es geht hierbei um die Funktion RP_pingGatewayByBBS der Datei /goform/RP_pingGatewayByBBS. Durch das Beeinflussen des Arguments ip/nm/gw mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T11:00:18.937Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310781 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_pingGatewayByBBS os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310781"
},
{
"name": "VDB-310781 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310781"
},
{
"name": "Submit #584364 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.584364"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_5/5.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-01T19:11:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_pingGatewayByBBS os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5442",
"datePublished": "2025-06-02T11:00:18.937Z",
"dateReserved": "2025-06-01T17:06:25.303Z",
"dateUpdated": "2025-06-02T16:59:31.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9247 (GCVE-0-2025-9247)
Vulnerability from cvelistv5
Published
2025-08-20 20:32
Modified
2025-08-21 14:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation of the argument vlan_set leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.320778 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.320778 | signature, permissions-required | |
| https://vuldb.com/?submit.631520 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_16/16.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9247",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:27:08.733223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:48:36.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_16/16.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation of the argument vlan_set leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle gefunden. Es betrifft die Funktion setVlan der Datei /goform/setVlan. Durch Beeinflussen des Arguments vlan_set mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T20:32:06.545Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320778 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setVlan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320778"
},
{
"name": "VDB-320778 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320778"
},
{
"name": "Submit #631520 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631520"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_16/16.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-20T13:22:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setVlan stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9247",
"datePublished": "2025-08-20T20:32:06.545Z",
"dateReserved": "2025-08-20T11:16:47.939Z",
"dateUpdated": "2025-08-21T14:48:36.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9245 (GCVE-0-2025-9245)
Vulnerability from cvelistv5
Published
2025-08-20 20:02
Modified
2025-08-20 20:28
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.320776 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.320776 | signature, permissions-required | |
| https://vuldb.com/?submit.631518 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_14/14.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9245",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T20:28:35.381245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T20:28:52.492Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 gefunden. Es ist betroffen die Funktion WPSSTAPINEnr der Datei /goform/WPSSTAPINEnr. Durch Manipulieren des Arguments ssid mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T20:02:06.507Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320776 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 WPSSTAPINEnr stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320776"
},
{
"name": "VDB-320776 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320776"
},
{
"name": "Submit #631518 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631518"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_14/14.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-20T13:22:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 WPSSTAPINEnr stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9245",
"datePublished": "2025-08-20T20:02:06.507Z",
"dateReserved": "2025-08-20T11:16:42.337Z",
"dateUpdated": "2025-08-20T20:28:52.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9249 (GCVE-0-2025-9249)
Vulnerability from cvelistv5
Published
2025-08-20 21:02
Modified
2025-08-21 14:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation of the argument enable_group/name_group/ip_group/mac_group causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.320780 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.320780 | signature, permissions-required | |
| https://vuldb.com/?submit.631522 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_18/18.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9249",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T14:39:40.429601Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:48:24.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_18/18.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation of the argument enable_group/name_group/ip_group/mac_group causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 gefunden. Dies betrifft die Funktion DHCPReserveAddGroup der Datei /goform/DHCPReserveAddGroup. Die Ver\u00e4nderung des Parameters enable_group/name_group/ip_group/mac_group resultiert in stack-based buffer overflow. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T21:02:08.236Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320780 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DHCPReserveAddGroup stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320780"
},
{
"name": "VDB-320780 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320780"
},
{
"name": "Submit #631522 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631522"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_18/18.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-20T13:22:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DHCPReserveAddGroup stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9249",
"datePublished": "2025-08-20T21:02:08.236Z",
"dateReserved": "2025-08-20T11:16:53.274Z",
"dateUpdated": "2025-08-21T14:48:24.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8833 (GCVE-0-2025-8833)
Vulnerability from cvelistv5
Published
2025-08-11 06:02
Modified
2025-08-11 20:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function langSwitchBack of the file /goform/langSwitchBack. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319367 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319367 | signature, permissions-required | |
| https://vuldb.com/?submit.626698 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8833",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T20:10:05.051112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T20:10:10.133Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md#poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function langSwitchBack of the file /goform/langSwitchBack. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Dies betrifft die Funktion langSwitchBack der Datei /goform/langSwitchBack. Durch Manipulation des Arguments langSelectionOnly mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T06:02:06.045Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319367 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 langSwitchBack stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319367"
},
{
"name": "VDB-319367 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319367"
},
{
"name": "Submit #626698 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626698"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 langSwitchBack stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8833",
"datePublished": "2025-08-11T06:02:06.045Z",
"dateReserved": "2025-08-10T07:54:18.864Z",
"dateUpdated": "2025-08-11T20:10:10.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5441 (GCVE-0-2025-5441)
Vulnerability from cvelistv5
Published
2025-06-02 10:31
Modified
2025-06-02 12:10
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.310780 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.310780 | signature, permissions-required | |
| https://vuldb.com/?submit.584363 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_4/4.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6500 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T12:06:07.017938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T12:10:19.108Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Es geht um die Funktion setDeviceURL der Datei /goform/setDeviceURL. Durch Manipulieren des Arguments DeviceURL mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T10:31:04.552Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310780 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 setDeviceURL os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310780"
},
{
"name": "VDB-310780 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310780"
},
{
"name": "Submit #584363 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.584363"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_4/4.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-01T19:11:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 setDeviceURL os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5441",
"datePublished": "2025-06-02T10:31:04.552Z",
"dateReserved": "2025-06-01T17:06:22.538Z",
"dateUpdated": "2025-06-02T12:10:19.108Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9356 (GCVE-0-2025-9356)
Vulnerability from cvelistv5
Published
2025-08-22 21:02
Modified
2025-08-26 14:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321059 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321059 | signature, permissions-required | |
| https://vuldb.com/?submit.631528 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9356",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T14:29:51.608197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:29:54.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 ist eine Schwachstelle entdeckt worden. Es geht hierbei um die Funktion inboundFilterAdd der Datei /goform/inboundFilterAdd. Die Manipulation des Arguments ruleName f\u00fchrt zu stack-based buffer overflow. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T21:02:09.690Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321059 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 inboundFilterAdd stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321059"
},
{
"name": "VDB-321059 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321059"
},
{
"name": "Submit #631528 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631528"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-22T17:45:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 inboundFilterAdd stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9356",
"datePublished": "2025-08-22T21:02:09.690Z",
"dateReserved": "2025-08-22T15:40:13.173Z",
"dateUpdated": "2025-08-26T14:29:54.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8819 (GCVE-0-2025-8819)
Vulnerability from cvelistv5
Published
2025-08-10 23:02
Modified
2025-08-12 14:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319353 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319353 | signature, permissions-required | |
| https://vuldb.com/?submit.626683 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8819",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:19:25.715282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:19:32.163Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Dabei betrifft es die Funktion setWan der Datei /goform/setWan. Dank Manipulation des Arguments staticIp mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T23:02:06.792Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319353 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setWan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319353"
},
{
"name": "VDB-319353 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319353"
},
{
"name": "Submit #626683 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Type:St Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626683"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:09:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setWan stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8819",
"datePublished": "2025-08-10T23:02:06.792Z",
"dateReserved": "2025-08-10T07:53:37.672Z",
"dateUpdated": "2025-08-12T14:19:32.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9357 (GCVE-0-2025-9357)
Vulnerability from cvelistv5
Published
2025-08-23 06:02
Modified
2025-08-25 18:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function langSwitchByBBS of the file /goform/langSwitchByBBS. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321060 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321060 | signature, permissions-required | |
| https://vuldb.com/?submit.631529 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_25/25.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_25/25.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9357",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:18:31.836564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:19:15.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function langSwitchByBBS of the file /goform/langSwitchByBBS. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 gefunden. Es geht dabei um die Funktion langSwitchByBBS der Datei /goform/langSwitchByBBS. Die Ver\u00e4nderung des Parameters langSelectionOnly resultiert in stack-based buffer overflow. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T06:02:05.980Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321060 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 langSwitchByBBS stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321060"
},
{
"name": "VDB-321060 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321060"
},
{
"name": "Submit #631529 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631529"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_25/25.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_25/25.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-22T17:45:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 langSwitchByBBS stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9357",
"datePublished": "2025-08-23T06:02:05.980Z",
"dateReserved": "2025-08-22T15:40:15.687Z",
"dateUpdated": "2025-08-25T18:19:15.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9362 (GCVE-0-2025-9362)
Vulnerability from cvelistv5
Published
2025-08-23 13:32
Modified
2025-08-25 18:04
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/RC:R
VLAI Severity ?
EPSS score ?
Summary
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321065 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321065 | signature, permissions-required | |
| https://vuldb.com/?submit.631534 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_30/30.md | related | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9362",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:04:39.250330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:04:58.391Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Betroffen davon ist die Funktion urlFilterManageRule der Datei /goform/urlFilterManageRule. Durch die Manipulation des Arguments urlFilterRuleName/scheduleUrl/addURLFilter mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T13:32:06.431Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321065 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 urlFilterManageRule stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321065"
},
{
"name": "VDB-321065 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321065"
},
{
"name": "Submit #631534 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631534"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_30/30.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-22T17:45:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 urlFilterManageRule stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9362",
"datePublished": "2025-08-23T13:32:06.431Z",
"dateReserved": "2025-08-22T15:40:30.483Z",
"dateUpdated": "2025-08-25T18:04:58.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9252 (GCVE-0-2025-9252)
Vulnerability from cvelistv5
Published
2025-08-20 22:02
Modified
2025-08-21 14:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the file /goform/DisablePasswordAlertRedirect. Executing manipulation of the argument hint can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.320783 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.320783 | signature, permissions-required | |
| https://vuldb.com/?submit.631525 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_21/21.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9252",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T14:42:15.791773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:47:42.019Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_21/21.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the file /goform/DisablePasswordAlertRedirect. Executing manipulation of the argument hint can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 ist eine Schwachstelle entdeckt worden. Davon betroffen ist die Funktion DisablePasswordAlertRedirect der Datei /goform/DisablePasswordAlertRedirect. Dank Manipulation des Arguments hint mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T22:02:09.003Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320783 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DisablePasswordAlertRedirect stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320783"
},
{
"name": "VDB-320783 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320783"
},
{
"name": "Submit #631525 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631525"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_21/21.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-20T13:22:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DisablePasswordAlertRedirect stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9252",
"datePublished": "2025-08-20T22:02:09.003Z",
"dateReserved": "2025-08-20T11:17:01.171Z",
"dateUpdated": "2025-08-21T14:47:42.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8830 (GCVE-0-2025-8830)
Vulnerability from cvelistv5
Published
2025-08-11 04:32
Modified
2025-08-11 20:29
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319364 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319364 | signature, permissions-required | |
| https://vuldb.com/?submit.626695 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8830",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T20:29:30.987889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T20:29:35.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Hierbei geht es um die Funktion sub_3517C der Datei /goform/setWan. Dank Manipulation des Arguments Hostname mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T04:32:06.147Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319364 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setWan sub_3517C os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319364"
},
{
"name": "VDB-319364 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319364"
},
{
"name": "Submit #626695 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626695"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setWan sub_3517C os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8830",
"datePublished": "2025-08-11T04:32:06.147Z",
"dateReserved": "2025-08-10T07:54:06.835Z",
"dateUpdated": "2025-08-11T20:29:35.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5443 (GCVE-0-2025-5443)
Vulnerability from cvelistv5
Published
2025-06-02 11:31
Modified
2025-06-02 16:29
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.310782 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.310782 | signature, permissions-required | |
| https://vuldb.com/?submit.584365 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_6/6.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6500 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5443",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T16:28:56.375367Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T16:29:14.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_6/6.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion wirelessAdvancedHidden der Datei /goform/wirelessAdvancedHidden. Durch Beeinflussen des Arguments ExtChSelector/24GSelector/5GSelector mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T11:31:04.438Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310782 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 wirelessAdvancedHidden os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310782"
},
{
"name": "VDB-310782 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310782"
},
{
"name": "Submit #584365 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.584365"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_6/6.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-01T19:11:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 wirelessAdvancedHidden os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5443",
"datePublished": "2025-06-02T11:31:04.438Z",
"dateReserved": "2025-06-01T17:06:27.764Z",
"dateUpdated": "2025-06-02T16:29:14.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9359 (GCVE-0-2025-9359)
Vulnerability from cvelistv5
Published
2025-08-23 09:32
Modified
2025-08-25 18:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. This manipulation of the argument ssidhex/pwd causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321062 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321062 | signature, permissions-required | |
| https://vuldb.com/?submit.631531 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_27/27.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_27/27.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9359",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:09:34.716859Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:13:23.246Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. This manipulation of the argument ssidhex/pwd causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle gefunden. Hierbei geht es um die Funktion RP_checkCredentialsByBBS der Datei /goform/RP_checkCredentialsByBBS. Dank der Manipulation des Arguments ssidhex/pwd mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T09:32:06.481Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321062 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_checkCredentialsByBBS stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321062"
},
{
"name": "VDB-321062 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321062"
},
{
"name": "Submit #631531 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631531"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_27/27.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_27/27.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-22T17:45:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_checkCredentialsByBBS stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9359",
"datePublished": "2025-08-23T09:32:06.481Z",
"dateReserved": "2025-08-22T15:40:20.930Z",
"dateUpdated": "2025-08-25T18:13:23.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8825 (GCVE-0-2025-8825)
Vulnerability from cvelistv5
Published
2025-08-11 02:02
Modified
2025-08-12 14:35
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319359 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319359 | signature, permissions-required | |
| https://vuldb.com/?submit.626690 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8825",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:34:58.428558Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:35:01.896Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Betroffen hiervon ist die Funktion RP_setBasicAuto der Datei /goform/RP_setBasicAuto. Durch das Manipulieren des Arguments staticIp/staticNetmask mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T02:02:06.384Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319359 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319359"
},
{
"name": "VDB-319359 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319359"
},
{
"name": "Submit #626690 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626690"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8825",
"datePublished": "2025-08-11T02:02:06.384Z",
"dateReserved": "2025-08-10T07:53:53.892Z",
"dateUpdated": "2025-08-12T14:35:01.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9575 (GCVE-0-2025-9575)
Vulnerability from cvelistv5
Published
2025-08-28 18:02
Modified
2025-08-28 18:31
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321689 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321689 | signature, permissions-required | |
| https://vuldb.com/?submit.634840 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9575",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T18:31:02.503516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:31:06.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Bond_yes (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Es geht hierbei um die Funktion cgiMain der Datei /cgi-bin/upload.cgi. Die Manipulation des Arguments filename f\u00fchrt zu os command injection. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:02:06.116Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321689 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 upload.cgi cgiMain os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321689"
},
{
"name": "VDB-321689 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321689"
},
{
"name": "Submit #634840 | Linksys E6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.634840"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-28T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-28T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-28T13:05:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 upload.cgi cgiMain os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9575",
"datePublished": "2025-08-28T18:02:06.116Z",
"dateReserved": "2025-08-28T11:00:44.364Z",
"dateUpdated": "2025-08-28T18:31:06.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9248 (GCVE-0-2025-9248)
Vulnerability from cvelistv5
Published
2025-08-20 21:02
Modified
2025-08-21 14:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ssidhex results in stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.320779 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.320779 | signature, permissions-required | |
| https://vuldb.com/?submit.631521 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_17/17.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9248",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:26:45.432101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:48:29.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_17/17.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ssidhex results in stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 ist eine Schwachstelle entdeckt worden. Das betrifft die Funktion RP_pingGatewayByBBS der Datei /goform/RP_pingGatewayByBBS. Die Manipulation des Arguments ssidhex f\u00fchrt zu stack-based buffer overflow. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T21:02:06.039Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320779 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_pingGatewayByBBS stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320779"
},
{
"name": "VDB-320779 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320779"
},
{
"name": "Submit #631521 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631521"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_17/17.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-20T13:22:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_pingGatewayByBBS stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9248",
"datePublished": "2025-08-20T21:02:06.039Z",
"dateReserved": "2025-08-20T11:16:50.673Z",
"dateUpdated": "2025-08-21T14:48:29.940Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9481 (GCVE-0-2025-9481)
Vulnerability from cvelistv5
Published
2025-08-26 13:32
Modified
2025-08-26 14:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. The manipulation of the argument tunrd_Prefix leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321396 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321396 | signature, permissions-required | |
| https://vuldb.com/?submit.634819 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9481",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-26T14:40:53.873186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:40:57.042Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md#poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Bond_yes (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. The manipulation of the argument tunrd_Prefix leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 gefunden. Hiervon betroffen ist die Funktion setIpv6 der Datei /goform/setIpv6. Die Ver\u00e4nderung des Parameters tunrd_Prefix resultiert in stack-based buffer overflow. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T13:32:09.115Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321396 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321396"
},
{
"name": "VDB-321396 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321396"
},
{
"name": "Submit #634819 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.634819"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-26T09:40:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9481",
"datePublished": "2025-08-26T13:32:09.115Z",
"dateReserved": "2025-08-26T07:35:43.588Z",
"dateUpdated": "2025-08-26T14:40:57.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8823 (GCVE-0-2025-8823)
Vulnerability from cvelistv5
Published
2025-08-11 01:05
Modified
2025-08-12 15:08
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319357 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319357 | signature, permissions-required | |
| https://vuldb.com/?submit.626687 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8823",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:08:08.222328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:08:13.288Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md#poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Betroffen ist die Funktion setDeviceName der Datei /goform/setDeviceName. Mittels dem Manipulieren des Arguments DeviceName mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T01:05:04.129Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319357 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDeviceName os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319357"
},
{
"name": "VDB-319357 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319357"
},
{
"name": "Submit #626687 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626687"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDeviceName os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8823",
"datePublished": "2025-08-11T01:05:04.129Z",
"dateReserved": "2025-08-10T07:53:48.447Z",
"dateUpdated": "2025-08-12T15:08:13.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8816 (GCVE-0-2025-8816)
Vulnerability from cvelistv5
Published
2025-08-10 15:48
Modified
2025-08-12 19:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function setOpMode of the file /goform/setOpMode. The manipulation of the argument ethConv leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319350 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319350 | signature, permissions-required | |
| https://vuldb.com/?submit.626680 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8816",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T19:04:28.621382Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T19:04:31.824Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function setOpMode of the file /goform/setOpMode. The manipulation of the argument ethConv leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es betrifft die Funktion setOpMode der Datei /goform/setOpMode. Durch das Beeinflussen des Arguments ethConv mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T15:48:21.300Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319350 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setOpMode stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319350"
},
{
"name": "VDB-319350 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319350"
},
{
"name": "Submit #626680 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Type:St Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626680"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:05:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setOpMode stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8816",
"datePublished": "2025-08-10T15:48:21.300Z",
"dateReserved": "2025-08-10T07:53:28.407Z",
"dateUpdated": "2025-08-12T19:04:31.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9253 (GCVE-0-2025-9253)
Vulnerability from cvelistv5
Published
2025-08-20 22:32
Modified
2025-08-21 14:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of the file /goform/RP_doSpecifySiteSurvey. The manipulation of the argument ssidhex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.320784 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.320784 | signature, permissions-required | |
| https://vuldb.com/?submit.631526 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_22/22.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9253",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:24:41.746941Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:47:34.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_22/22.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of the file /goform/RP_doSpecifySiteSurvey. The manipulation of the argument ssidhex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 gefunden. Hiervon betroffen ist die Funktion RP_doSpecifySiteSurvey der Datei /goform/RP_doSpecifySiteSurvey. Mit der Manipulation des Arguments ssidhex mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T22:32:06.493Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320784 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_doSpecifySiteSurvey stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320784"
},
{
"name": "VDB-320784 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320784"
},
{
"name": "Submit #631526 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 Linksys Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631526"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_22/22.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-20T13:22:21.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_doSpecifySiteSurvey stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9253",
"datePublished": "2025-08-20T22:32:06.493Z",
"dateReserved": "2025-08-20T11:17:03.780Z",
"dateUpdated": "2025-08-21T14:47:34.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9360 (GCVE-0-2025-9360)
Vulnerability from cvelistv5
Published
2025-08-23 10:32
Modified
2025-08-25 18:07
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function accessControlAdd of the file /goform/accessControlAdd. Such manipulation of the argument ruleName/schedule leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321063 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321063 | signature, permissions-required | |
| https://vuldb.com/?submit.631532 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_28/28.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_28/28.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9360",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:06:22.882035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:07:05.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function accessControlAdd of the file /goform/accessControlAdd. Such manipulation of the argument ruleName/schedule leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 ist eine Schwachstelle entdeckt worden. Betroffen ist die Funktion accessControlAdd der Datei /goform/accessControlAdd. Dank Manipulation des Arguments ruleName/schedule mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T10:32:06.525Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321063 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 accessControlAdd stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321063"
},
{
"name": "VDB-321063 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321063"
},
{
"name": "Submit #631532 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631532"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_28/28.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_28/28.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-22T17:45:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 accessControlAdd stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9360",
"datePublished": "2025-08-23T10:32:06.525Z",
"dateReserved": "2025-08-22T15:40:23.697Z",
"dateUpdated": "2025-08-25T18:07:05.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9246 (GCVE-0-2025-9246)
Vulnerability from cvelistv5
Published
2025-08-20 20:02
Modified
2025-08-20 20:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing manipulation of the argument single_port_rule/port_range_rule can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.320777 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.320777 | signature, permissions-required | |
| https://vuldb.com/?submit.631519 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_15/15.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9246",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T20:26:45.522485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T20:27:15.340Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing manipulation of the argument single_port_rule/port_range_rule can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Betroffen davon ist die Funktion check_port_conflict der Datei /goform/check_port_conflict. Durch das Beeinflussen des Arguments single_port_rule/port_range_rule mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T20:02:08.900Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320777 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 check_port_conflict stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320777"
},
{
"name": "VDB-320777 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320777"
},
{
"name": "Submit #631519 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631519"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_15/15.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-20T13:22:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 check_port_conflict stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9246",
"datePublished": "2025-08-20T20:02:08.900Z",
"dateReserved": "2025-08-20T11:16:45.220Z",
"dateUpdated": "2025-08-20T20:27:15.340Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9363 (GCVE-0-2025-9363)
Vulnerability from cvelistv5
Published
2025-08-23 14:02
Modified
2025-08-25 18:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function portTriggerManageRule of the file /goform/portTriggerManageRule. The manipulation of the argument triggerRuleName/schedule leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321066 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321066 | signature, permissions-required | |
| https://vuldb.com/?submit.631535 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_31/31.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_31/31.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9363",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:03:42.311583Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:04:05.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function portTriggerManageRule of the file /goform/portTriggerManageRule. The manipulation of the argument triggerRuleName/schedule leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle gefunden. Es betrifft die Funktion portTriggerManageRule der Datei /goform/portTriggerManageRule. Durch Manipulation des Arguments triggerRuleName/schedule mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T14:02:06.316Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321066 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 portTriggerManageRule stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321066"
},
{
"name": "VDB-321066 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321066"
},
{
"name": "Submit #631535 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631535"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_31/31.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_31/31.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-22T17:45:50.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 portTriggerManageRule stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9363",
"datePublished": "2025-08-23T14:02:06.316Z",
"dateReserved": "2025-08-22T15:40:33.495Z",
"dateUpdated": "2025-08-25T18:04:05.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9358 (GCVE-0-2025-9358)
Vulnerability from cvelistv5
Published
2025-08-23 07:32
Modified
2025-08-25 18:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setSysAdm of the file /goform/setSysAdm. The manipulation of the argument admpasshint results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321061 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321061 | signature, permissions-required | |
| https://vuldb.com/?submit.631530 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_26/26.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_26/26.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9358",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T18:13:59.042748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T18:14:09.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setSysAdm of the file /goform/setSysAdm. The manipulation of the argument admpasshint results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Dabei geht es um die Funktion setSysAdm der Datei /goform/setSysAdm. Die Bearbeitung des Arguments admpasshint verursacht stack-based buffer overflow. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T07:32:06.304Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321061 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setSysAdm stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321061"
},
{
"name": "VDB-321061 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321061"
},
{
"name": "Submit #631530 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631530"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_26/26.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_26/26.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-22T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-22T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-22T17:45:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setSysAdm stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9358",
"datePublished": "2025-08-23T07:32:06.304Z",
"dateReserved": "2025-08-22T15:40:18.364Z",
"dateUpdated": "2025-08-25T18:14:09.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8828 (GCVE-0-2025-8828)
Vulnerability from cvelistv5
Published
2025-08-11 03:32
Modified
2025-08-12 14:09
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319362 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319362 | signature, permissions-required | |
| https://vuldb.com/?submit.626693 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8828",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:09:26.315772Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:09:29.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es geht dabei um die Funktion ipv6cmd der Datei /goform/setIpv6. Durch Beeinflussen des Arguments Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T03:32:05.882Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319362 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 ipv6cmd os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319362"
},
{
"name": "VDB-319362 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319362"
},
{
"name": "Submit #626693 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626693"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setIpv6 ipv6cmd os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8828",
"datePublished": "2025-08-11T03:32:05.882Z",
"dateReserved": "2025-08-10T07:54:01.680Z",
"dateUpdated": "2025-08-12T14:09:29.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8832 (GCVE-0-2025-8832)
Vulnerability from cvelistv5
Published
2025-08-11 05:32
Modified
2025-08-11 20:11
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319366 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319366 | signature, permissions-required | |
| https://vuldb.com/?submit.626697 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8832",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T20:11:02.476149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T20:11:06.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Das betrifft die Funktion setDMZ der Datei /goform/setDMZ. Durch die Manipulation des Arguments DMZIPAddress mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T05:32:06.427Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319366 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDMZ stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319366"
},
{
"name": "VDB-319366 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319366"
},
{
"name": "Submit #626697 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626697"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:58.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setDMZ stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8832",
"datePublished": "2025-08-11T05:32:06.427Z",
"dateReserved": "2025-08-10T07:54:15.447Z",
"dateUpdated": "2025-08-11T20:11:06.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8826 (GCVE-0-2025-8826)
Vulnerability from cvelistv5
Published
2025-08-11 02:32
Modified
2025-08-12 14:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function um_rp_autochannel of the file /goform/RP_setBasicAuto. The manipulation of the argument apcli_AuthMode_2G/apcli_AuthMode_5G leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319360 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319360 | signature, permissions-required | |
| https://vuldb.com/?submit.626691 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_42/42.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_42/42.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:30:43.288419Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:30:49.050Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function um_rp_autochannel of the file /goform/RP_setBasicAuto. The manipulation of the argument apcli_AuthMode_2G/apcli_AuthMode_5G leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es geht um die Funktion um_rp_autochannel der Datei /goform/RP_setBasicAuto. Durch Manipulieren des Arguments apcli_AuthMode_2G/apcli_AuthMode_5G mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T02:32:06.791Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319360 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_rp_autochannel stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319360"
},
{
"name": "VDB-319360 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319360"
},
{
"name": "Submit #626691 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626691"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_42/42.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_42/42.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:47.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_rp_autochannel stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8826",
"datePublished": "2025-08-11T02:32:06.791Z",
"dateReserved": "2025-08-10T07:53:56.568Z",
"dateUpdated": "2025-08-12T14:30:49.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8820 (GCVE-0-2025-8820)
Vulnerability from cvelistv5
Published
2025-08-10 23:32
Modified
2025-08-12 14:15
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319354 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319354 | signature, permissions-required | |
| https://vuldb.com/?submit.626684 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8820",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:14:53.876422Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:15:00.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Hierbei betrifft es die Funktion wirelessBasic der Datei /goform/wirelessBasic. Mit der Manipulation des Arguments submit_SSID1 mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T23:32:06.061Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319354 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 wirelessBasic stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319354"
},
{
"name": "VDB-319354 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319354"
},
{
"name": "Submit #626684 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626684"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:09:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 wirelessBasic stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8820",
"datePublished": "2025-08-10T23:32:06.061Z",
"dateReserved": "2025-08-10T07:53:40.236Z",
"dateUpdated": "2025-08-12T14:15:00.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9251 (GCVE-0-2025-9251)
Vulnerability from cvelistv5
Published
2025-08-20 22:02
Modified
2025-08-21 14:47
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function sta_wps_pin of the file /goform/sta_wps_pin. Performing manipulation of the argument Ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.320782 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.320782 | signature, permissions-required | |
| https://vuldb.com/?submit.631524 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_20/20.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9251",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T13:25:21.864378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:47:48.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_20/20.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function sta_wps_pin of the file /goform/sta_wps_pin. Performing manipulation of the argument Ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle gefunden. Hierbei betrifft es die Funktion sta_wps_pin der Datei /goform/sta_wps_pin. Dank der Manipulation des Arguments Ssid mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T22:02:06.683Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320782 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 sta_wps_pin stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320782"
},
{
"name": "VDB-320782 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320782"
},
{
"name": "Submit #631524 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631524"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_20/20.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-20T13:22:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 sta_wps_pin stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9251",
"datePublished": "2025-08-20T22:02:06.683Z",
"dateReserved": "2025-08-20T11:16:58.521Z",
"dateUpdated": "2025-08-21T14:47:48.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9250 (GCVE-0-2025-9250)
Vulnerability from cvelistv5
Published
2025-08-20 21:32
Modified
2025-08-21 14:48
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.320781 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.320781 | signature, permissions-required | |
| https://vuldb.com/?submit.631523 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9250",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T14:40:59.766644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:48:17.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Dabei betrifft es die Funktion setPWDbyBBS der Datei /goform/setPWDbyBBS. Die Bearbeitung des Arguments hint verursacht stack-based buffer overflow. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T21:32:06.411Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320781 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setPWDbyBBS stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320781"
},
{
"name": "VDB-320781 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320781"
},
{
"name": "Submit #631523 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631523"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-20T13:22:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setPWDbyBBS stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9250",
"datePublished": "2025-08-20T21:32:06.411Z",
"dateReserved": "2025-08-20T11:16:55.733Z",
"dateUpdated": "2025-08-21T14:48:17.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8817 (GCVE-0-2025-8817)
Vulnerability from cvelistv5
Published
2025-08-10 22:02
Modified
2025-08-12 15:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setLan of the file /goform/setLan. The manipulation of the argument lan2enabled leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319351 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319351 | signature, permissions-required | |
| https://vuldb.com/?submit.626681 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8817",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:19:13.918398Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:19:17.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setLan of the file /goform/setLan. The manipulation of the argument lan2enabled leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Das betrifft die Funktion setLan der Datei /goform/setLan. Durch Beeinflussen des Arguments lan2enabled mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-10T22:02:06.497Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319351 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setLan stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319351"
},
{
"name": "VDB-319351 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319351"
},
{
"name": "Submit #626681 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626681"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:07:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setLan stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8817",
"datePublished": "2025-08-10T22:02:06.497Z",
"dateReserved": "2025-08-10T07:53:31.777Z",
"dateUpdated": "2025-08-12T15:19:17.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9393 (GCVE-0-2025-9393)
Vulnerability from cvelistv5
Published
2025-08-24 15:32
Modified
2025-08-25 17:20
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321226 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321226 | signature, permissions-required | |
| https://vuldb.com/?submit.631538 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9393",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T17:20:34.217450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T17:20:38.495Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle gefunden. Es ist betroffen die Funktion addStaProfile der Datei /goform/addStaProfile. Durch Beeinflussen des Arguments profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T15:32:06.793Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321226 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 addStaProfile stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321226"
},
{
"name": "VDB-321226 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321226"
},
{
"name": "Submit #631538 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631538"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-23T17:43:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 addStaProfile stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9393",
"datePublished": "2025-08-24T15:32:06.793Z",
"dateReserved": "2025-08-23T15:38:12.812Z",
"dateUpdated": "2025-08-25T17:20:38.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5439 (GCVE-0-2025-5439)
Vulnerability from cvelistv5
Published
2025-06-02 09:31
Modified
2025-06-02 12:33
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.310778 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.310778 | signature, permissions-required | |
| https://vuldb.com/?submit.584361 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_2/2.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6500 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5439",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T12:22:09.130270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T12:33:27.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 ausgemacht. Betroffen davon ist die Funktion verifyFacebookLike der Datei /goform/verifyFacebookLike. Mittels Manipulieren des Arguments uid/accessToken mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T09:31:05.517Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310778 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 verifyFacebookLike os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310778"
},
{
"name": "VDB-310778 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310778"
},
{
"name": "Submit #584361 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.584361"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_2/2.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-01T19:11:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 verifyFacebookLike os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5439",
"datePublished": "2025-06-02T09:31:05.517Z",
"dateReserved": "2025-06-01T17:06:17.250Z",
"dateUpdated": "2025-06-02T12:33:27.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5445 (GCVE-0-2025-5445)
Vulnerability from cvelistv5
Published
2025-06-02 12:31
Modified
2025-06-02 16:22
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.310784 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.310784 | signature, permissions-required | |
| https://vuldb.com/?submit.584367 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_8/8.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6500 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5445",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T16:21:55.937009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T16:22:15.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_8/8.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 gefunden. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion RP_checkFWByBBS der Datei /goform/RP_checkFWByBBS. Dank Manipulation des Arguments type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T12:31:04.618Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310784 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkFWByBBS os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310784"
},
{
"name": "VDB-310784 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310784"
},
{
"name": "Submit #584367 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.584367"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_8/8.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-01T19:11:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 RP_checkFWByBBS os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5445",
"datePublished": "2025-06-02T12:31:04.618Z",
"dateReserved": "2025-06-01T17:06:33.558Z",
"dateUpdated": "2025-06-02T16:22:15.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8822 (GCVE-0-2025-8822)
Vulnerability from cvelistv5
Published
2025-08-11 00:32
Modified
2025-08-12 15:14
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file /goform/setOpMode. The manipulation of the argument opMode leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319356 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319356 | signature, permissions-required | |
| https://vuldb.com/?submit.626686 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8822",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T15:14:34.934647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T15:14:50.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file /goform/setOpMode. The manipulation of the argument opMode leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Hiervon betroffen ist die Funktion algDisable der Datei /goform/setOpMode. Durch Manipulation des Arguments opMode mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T00:32:06.033Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319356 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setOpMode algDisable stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319356"
},
{
"name": "VDB-319356 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319356"
},
{
"name": "Submit #626686 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626686"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setOpMode algDisable stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8822",
"datePublished": "2025-08-11T00:32:06.033Z",
"dateReserved": "2025-08-10T07:53:45.675Z",
"dateUpdated": "2025-08-12T15:14:50.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9392 (GCVE-0-2025-9392)
Vulnerability from cvelistv5
Published
2025-08-24 15:02
Modified
2025-08-25 17:37
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.321225 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.321225 | signature, permissions-required | |
| https://vuldb.com/?submit.631537 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9392",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T17:37:02.501767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T17:37:11.597Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Betroffen ist die Funktion qosClassifier der Datei /goform/qosClassifier. Durch das Beeinflussen des Arguments dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T15:02:06.506Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321225 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 qosClassifier stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.321225"
},
{
"name": "VDB-321225 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321225"
},
{
"name": "Submit #631537 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631537"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-23T17:43:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 qosClassifier stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9392",
"datePublished": "2025-08-24T15:02:06.506Z",
"dateReserved": "2025-08-23T15:38:01.385Z",
"dateUpdated": "2025-08-25T17:37:11.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5438 (GCVE-0-2025-5438)
Vulnerability from cvelistv5
Published
2025-06-02 09:00
Modified
2025-06-02 12:35
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.310777 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.310777 | signature, permissions-required | |
| https://vuldb.com/?submit.584360 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_1/1.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6500 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5438",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T12:34:07.262706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T12:35:17.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine kritische Schwachstelle ausgemacht. Betroffen ist die Funktion WPS der Datei /goform/WPS. Mittels dem Manipulieren des Arguments PIN mit unbekannten Daten kann eine command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T09:00:19.465Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310777 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 WPS command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310777"
},
{
"name": "VDB-310777 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310777"
},
{
"name": "Submit #584360 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Remote Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.584360"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_1/1.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-01T19:11:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 WPS command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5438",
"datePublished": "2025-06-02T09:00:19.465Z",
"dateReserved": "2025-06-01T17:06:14.336Z",
"dateUpdated": "2025-06-02T12:35:17.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8824 (GCVE-0-2025-8824)
Vulnerability from cvelistv5
Published
2025-08-11 01:32
Modified
2025-08-12 14:35
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319358 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319358 | signature, permissions-required | |
| https://vuldb.com/?submit.626689 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8824",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:35:46.085672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:35:49.267Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Betroffen davon ist die Funktion setRIP der Datei /goform/setRIP. Mittels Manipulieren des Arguments RIPmode/RIPpasswd mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T01:32:06.863Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319358 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setRIP stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319358"
},
{
"name": "VDB-319358 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319358"
},
{
"name": "Submit #626689 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626689"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setRIP stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8824",
"datePublished": "2025-08-11T01:32:06.863Z",
"dateReserved": "2025-08-10T07:53:51.174Z",
"dateUpdated": "2025-08-12T14:35:49.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9244 (GCVE-0-2025-9244)
Vulnerability from cvelistv5
Published
2025-08-20 19:32
Modified
2025-08-20 20:16
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument staticRoute_IP_setting/staticRoute_Netmask_setting/staticRoute_Gateway_setting/staticRoute_Metric_setting/staticRoute_destType_setting leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.320775 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.320775 | signature, permissions-required | |
| https://vuldb.com/?submit.631517 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_11/11.md | exploit | |
| https://www.linksys.com/ | product |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | RE6250 |
Version: 1.0.013.001 Version: 1.0.04.001 Version: 1.0.04.002 Version: 1.1.05.003 Version: 1.2.07.001 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9244",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-20T20:16:41.889009Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T20:16:52.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument staticRoute_IP_setting/staticRoute_Netmask_setting/staticRoute_Gateway_setting/staticRoute_Metric_setting/staticRoute_destType_setting leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 ist eine Schwachstelle entdeckt worden. Betroffen ist die Funktion addStaticRoute der Datei /goform/addStaticRoute. Durch das Manipulieren des Arguments staticRoute_IP_setting/staticRoute_Netmask_setting/staticRoute_Gateway_setting/staticRoute_Metric_setting/staticRoute_destType_setting mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T19:32:08.090Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320775 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 addStaticRoute os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320775"
},
{
"name": "VDB-320775 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320775"
},
{
"name": "Submit #631517 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631517"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_11/11.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-20T13:22:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 addStaticRoute os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9244",
"datePublished": "2025-08-20T19:32:08.090Z",
"dateReserved": "2025-08-20T11:16:31.303Z",
"dateUpdated": "2025-08-20T20:16:52.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8827 (GCVE-0-2025-8827)
Vulnerability from cvelistv5
Published
2025-08-11 03:02
Modified
2025-08-12 14:21
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319361 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319361 | signature, permissions-required | |
| https://vuldb.com/?submit.626692 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8827",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:21:11.472745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:21:14.853Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjq123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es geht hierbei um die Funktion um_inspect_cross_band der Datei /goform/RP_setBasicAuto. Durch das Beeinflussen des Arguments staticGateway mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T03:02:06.170Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319361 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_inspect_cross_band os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319361"
},
{
"name": "VDB-319361 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319361"
},
{
"name": "Submit #626692 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626692"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasicAuto um_inspect_cross_band os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8827",
"datePublished": "2025-08-11T03:02:06.170Z",
"dateReserved": "2025-08-10T07:53:59.145Z",
"dateUpdated": "2025-08-12T14:21:14.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8821 (GCVE-0-2025-8821)
Vulnerability from cvelistv5
Published
2025-08-11 00:02
Modified
2025-08-12 14:12
Severity ?
2.1 (Low) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RC:R
VLAI Severity ?
EPSS score ?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.319355 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.319355 | signature, permissions-required | |
| https://vuldb.com/?submit.626685 | third-party-advisory | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md | related | |
| https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md#poc | exploit | |
| https://www.linksys.com/ | product |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8821",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:12:12.271260Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:12:17.881Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md#poc"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "20250801"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Davon betroffen ist die Funktion RP_setBasic der Datei /goform/RP_setBasic. Durch die Manipulation des Arguments bssid mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T00:02:06.241Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319355 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasic os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319355"
},
{
"name": "VDB-319355 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319355"
},
{
"name": "Submit #626685 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.626685"
},
{
"tags": [
"related"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md#poc"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T10:11:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_setBasic os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8821",
"datePublished": "2025-08-11T00:02:06.241Z",
"dateReserved": "2025-08-10T07:53:42.812Z",
"dateUpdated": "2025-08-12T14:12:17.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-08-11 00:15
Modified
2025-09-04 18:40
Severity ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319354 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319354 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626684 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta 20250801. Esta vulnerabilidad afecta a la funci\u00f3n wirelessBasic del archivo /goform/wirelessBasic. La manipulaci\u00f3n del argumento submit_SSID1 provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede iniciarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8820",
"lastModified": "2025-09-04T18:40:46.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T00:15:25.607",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319354"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319354"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626684"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_54/54.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-23 14:15
Modified
2025-09-02 18:18
Severity ?
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function portTriggerManageRule of the file /goform/portTriggerManageRule. The manipulation of the argument triggerRuleName/schedule leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_31/31.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_31/31.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321066 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321066 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631535 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function portTriggerManageRule of the file /goform/portTriggerManageRule. The manipulation of the argument triggerRuleName/schedule leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n portTriggerManageRule del archivo /goform/portTriggerManageRule. La manipulaci\u00f3n del argumento triggerRuleName/schedule provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9363",
"lastModified": "2025-09-02T18:18:42.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-23T14:15:31.737",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_31/31.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_31/31.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321066"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321066"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631535"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-20 20:15
Modified
2025-09-02 18:22
Severity ?
Summary
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing manipulation of the argument single_port_rule/port_range_rule can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_15/15.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320777 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.320777 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631519 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing manipulation of the argument single_port_rule/port_range_rule can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una falla en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. La funci\u00f3n check_port_conflict del archivo /goform/check_port_conflict se ve afectada. La manipulaci\u00f3n del argumento single_port_rule/port_range_rule puede provocar un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9246",
"lastModified": "2025-09-02T18:22:27.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-20T20:15:34.293",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_15/15.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.320777"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320777"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631519"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 03:15
Modified
2025-09-04 18:37
Severity ?
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function um_rp_autochannel of the file /goform/RP_setBasicAuto. The manipulation of the argument apcli_AuthMode_2G/apcli_AuthMode_5G leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_42/42.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_42/42.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319360 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319360 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626691 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function um_rp_autochannel of the file /goform/RP_setBasicAuto. The manipulation of the argument apcli_AuthMode_2G/apcli_AuthMode_5G leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Esta vulnerabilidad afecta a la funci\u00f3n um_rp_autochannel del archivo /goform/RP_setBasicAuto. La manipulaci\u00f3n del argumento apcli_AuthMode_2G/apcli_AuthMode_5G provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede iniciarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8826",
"lastModified": "2025-09-04T18:37:28.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T03:15:25.357",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_42/42.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_42/42.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319360"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319360"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626691"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-26 14:15
Modified
2025-09-02 18:08
Severity ?
Summary
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. The manipulation of the argument tunrd_Prefix leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321396 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321396 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.634819 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. The manipulation of the argument tunrd_Prefix leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de seguridad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n setIpv6 del archivo /goform/setIpv6. La manipulaci\u00f3n del argumento tunrd_Prefix provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9481",
"lastModified": "2025-09-02T18:08:19.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-26T14:15:47.323",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321396"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321396"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.634819"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_35/35.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-20 23:15
Modified
2025-09-02 18:22
Severity ?
Summary
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of the file /goform/RP_doSpecifySiteSurvey. The manipulation of the argument ssidhex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_22/22.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320784 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.320784 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631526 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_22/22.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of the file /goform/RP_doSpecifySiteSurvey. The manipulation of the argument ssidhex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de seguridad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. La funci\u00f3n RP_doSpecifySiteSurvey del archivo /goform/RP_doSpecifySiteSurvey se ve afectada. La manipulaci\u00f3n del argumento ssidhex provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9253",
"lastModified": "2025-09-02T18:22:57.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-20T23:15:30.037",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_22/22.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.320784"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320784"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631526"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_22/22.md"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-23 10:15
Modified
2025-09-02 18:19
Severity ?
Summary
A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. This manipulation of the argument ssidhex/pwd causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_27/27.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_27/27.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321062 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321062 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631531 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. This manipulation of the argument ssidhex/pwd causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Este problema afecta a la funci\u00f3n RP_checkCredentialsByBBS del archivo /goform/RP_checkCredentialsByBBS. Esta manipulaci\u00f3n del argumento ssidhex/pwd provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta revelaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9359",
"lastModified": "2025-09-02T18:19:12.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-23T10:15:29.897",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_27/27.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_27/27.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321062"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321062"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631531"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 02:15
Modified
2025-09-04 18:38
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319357 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319357 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626687 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Esta vulnerabilidad afecta a la funci\u00f3n setDeviceName del archivo /goform/setDeviceName. La manipulaci\u00f3n del argumento DeviceName provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8823",
"lastModified": "2025-09-04T18:38:48.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T02:15:25.237",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319357"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319357"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626687"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_57/57.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 01:15
Modified
2025-09-04 18:39
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319355 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319355 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626685 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Este problema afecta a la funci\u00f3n RP_setBasic del archivo /goform/RP_setBasic. La manipulaci\u00f3n del argumento bssid provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede iniciarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8821",
"lastModified": "2025-09-04T18:39:31.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T01:15:28.510",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319355"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319355"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626685"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_55/55.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 02:15
Modified
2025-09-04 18:38
Severity ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319358 | Press/Media Coverage, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319358 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626689 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Este problema afecta a la funci\u00f3n setRIP del archivo /goform/setRIP. La manipulaci\u00f3n del argumento RIPmode/RIPpasswd provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8824",
"lastModified": "2025-09-04T18:38:17.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T02:15:26.023",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Press/Media Coverage",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319358"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319358"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626689"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_40/40.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-23 11:15
Modified
2025-09-02 18:19
Severity ?
Summary
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function accessControlAdd of the file /goform/accessControlAdd. Such manipulation of the argument ruleName/schedule leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_28/28.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_28/28.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321063 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321063 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631532 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function accessControlAdd of the file /goform/accessControlAdd. Such manipulation of the argument ruleName/schedule leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de seguridad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. La funci\u00f3n accessControlAdd del archivo /goform/accessControlAdd se ve afectada. Esta manipulaci\u00f3n del argumento ruleName/schedule provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9360",
"lastModified": "2025-09-02T18:19:05.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-23T11:15:30.433",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_28/28.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_28/28.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321063"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321063"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631532"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-23 06:15
Modified
2025-09-02 18:19
Severity ?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function langSwitchByBBS of the file /goform/langSwitchByBBS. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_25/25.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_25/25.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321060 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321060 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631529 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function langSwitchByBBS of the file /goform/langSwitchByBBS. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n langSwitchByBBS del archivo /goform/langSwitchByBBS. La manipulaci\u00f3n del argumento langSelectionOnly provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9357",
"lastModified": "2025-09-02T18:19:38.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-23T06:15:30.517",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_25/25.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_25/25.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321060"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321060"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631529"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-10 23:15
Modified
2025-09-04 18:40
Severity ?
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319353 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319353 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626683 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Esta vulnerabilidad afecta a la funci\u00f3n setWan del archivo /goform/setWan. La manipulaci\u00f3n del argumento staticIp provoca un desbordamiento del b\u00fafer en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8819",
"lastModified": "2025-09-04T18:40:56.497",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-10T23:15:26.607",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319353"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319353"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626683"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_53/53.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-28 18:15
Modified
2025-09-04 18:32
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321689 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.321689 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.634840 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function cgiMain of the file /cgi-bin/upload.cgi. Executing manipulation of the argument filename can lead to os command injection. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"id": "CVE-2025-9575",
"lastModified": "2025-09-04T18:32:04.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-28T18:15:34.557",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.321689"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321689"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.634840"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_13/13.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 10:15
Modified
2025-07-02 18:08
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_2/2.md | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.310778 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.310778 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.584361 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Linksys RE6500, RE6250, RE6300, RE6350, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Se ha clasificado como cr\u00edtica. Este problema afecta a la funci\u00f3n \"verifyFacebookLike\" del archivo /goform/verifyFacebookLike. La manipulaci\u00f3n del argumento uid/accessToken provoca la inyecci\u00f3n de comandos en el sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5439",
"lastModified": "2025-07-02T18:08:04.770",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T10:15:21.907",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_2/2.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.310778"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.310778"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.584361"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 13:15
Modified
2025-06-25 17:24
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_9/9.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.310785 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.310785 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.584368 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Linksys RE6500, RE6250, RE6300, RE6350, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Se ha clasificado como cr\u00edtica. Afecta a la funci\u00f3n RP_checkCredentialsByBBS del archivo /goform/RP_checkCredentialsByBBS. La manipulaci\u00f3n del argumento pwd provoca la inyecci\u00f3n de comandos del sistema operativo. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5446",
"lastModified": "2025-06-25T17:24:47.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T13:15:23.097",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_9/9.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.310785"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.310785"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.584368"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-20 21:15
Modified
2025-09-02 18:22
Severity ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation of the argument enable_group/name_group/ip_group/mac_group causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_18/18.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320780 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.320780 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631522 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_18/18.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function DHCPReserveAddGroup of the file /goform/DHCPReserveAddGroup. This manipulation of the argument enable_group/name_group/ip_group/mac_group causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 (1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001). Esta vulnerabilidad afecta a la funci\u00f3n DHCPReserveAddGroup del archivo /goform/DHCPReserveAddGroup. Esta manipulaci\u00f3n del argumento enable_group/name_group/ip_group/mac_group provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9249",
"lastModified": "2025-09-02T18:22:48.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-20T21:15:32.853",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_18/18.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.320780"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320780"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631522"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_18/18.md"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 04:15
Modified
2025-09-04 18:36
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319363 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319363 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626694 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Esta vulnerabilidad afecta a la funci\u00f3n um_red del archivo /goform/RP_setBasicAuto. La manipulaci\u00f3n del argumento hname provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8829",
"lastModified": "2025-09-04T18:36:17.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T04:15:46.643",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319363"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319363"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626694"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_45/45.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-24 15:15
Modified
2025-09-02 18:18
Severity ?
Summary
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321225 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321225 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631537 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de seguridad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n qosClassifier del archivo /goform/qosClassifier. Esta manipulaci\u00f3n del argumento dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9392",
"lastModified": "2025-09-02T18:18:32.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-24T15:15:28.873",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321225"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321225"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631537"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 04:15
Modified
2025-09-04 18:37
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319361 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319361 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626692 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Este problema afecta a la funci\u00f3n um_inspect_cross_band del archivo /goform/RP_setBasicAuto. La manipulaci\u00f3n del argumento staticGateway provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede iniciarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8827",
"lastModified": "2025-09-04T18:37:10.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T04:15:44.160",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319361"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319361"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626692"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_43/43.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-22 21:15
Modified
2025-09-02 18:20
Severity ?
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file /goform/scheduleAdd. Performing manipulation of the argument ruleName results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321058 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321058 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631527 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file /goform/scheduleAdd. Performing manipulation of the argument ruleName results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n \"scheduleAdd\" del archivo /goform/scheduleAdd. La manipulaci\u00f3n del argumento \"ruleName\" provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9355",
"lastModified": "2025-09-02T18:20:04.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-22T21:15:32.680",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321058"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321058"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631527"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-23 08:15
Modified
2025-09-02 18:19
Severity ?
Summary
A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setSysAdm of the file /goform/setSysAdm. The manipulation of the argument admpasshint results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_26/26.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_26/26.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321061 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321061 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631530 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setSysAdm of the file /goform/setSysAdm. The manipulation of the argument admpasshint results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha descubierto una falla de seguridad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n setSysAdm del archivo /goform/setSysAdm. La manipulaci\u00f3n del argumento admpasshint provoca un desbordamiento del b\u00fafer basado en la pila. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9358",
"lastModified": "2025-09-02T18:19:21.077",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-23T08:15:29.837",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_26/26.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_26/26.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321061"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321061"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631530"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 12:15
Modified
2025-06-10 15:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_7/7.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.310783 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.310783 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.584366 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_7/7.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of the file /goform/RP_UpgradeFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en Linksys RE6500, RE6250, RE6300, RE6350, RE7000 y RE9000 (1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001), clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n RP_UpgradeFWByBBS del archivo /goform/RP_UpgradeFWByBBS. La manipulaci\u00f3n del argumento type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5444",
"lastModified": "2025-06-10T15:14:50.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T12:15:26.337",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_7/7.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.310783"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.310783"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.584366"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_7/7.md"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-22 21:15
Modified
2025-09-02 18:19
Severity ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc | Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321059 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321059 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631528 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. La funci\u00f3n inboundFilterAdd del archivo /goform/inboundFilterAdd se ve afectada. La manipulaci\u00f3n del argumento ruleName puede provocar un desbordamiento del b\u00fafer en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9356",
"lastModified": "2025-09-02T18:19:49.930",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-22T21:15:32.913",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321059"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321059"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631528"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 01:15
Modified
2025-09-04 18:39
Severity ?
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file /goform/setOpMode. The manipulation of the argument opMode leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319356 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319356 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626686 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file /goform/setOpMode. The manipulation of the argument opMode leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. La funci\u00f3n algDisable del archivo /goform/setOpMode se ve afectada. La manipulaci\u00f3n del argumento opMode provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8822",
"lastModified": "2025-09-04T18:39:00.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T01:15:28.710",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319356"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319356"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626686"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_56/56.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 11:15
Modified
2025-06-25 18:00
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_5/5.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.310781 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.310781 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.584364 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_5/5.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ip/nm/gw leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en los Linksys RE6500, RE6250, RE6300, RE6350, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Este problema afecta a la funci\u00f3n RP_pingGatewayByBBS del archivo /goform/RP_pingGatewayByBBS. La manipulaci\u00f3n del argumento ip/nm/gw provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5442",
"lastModified": "2025-06-25T18:00:33.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T11:15:23.260",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_5/5.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.310781"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.310781"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.584364"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_5/5.md"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-26 14:15
Modified
2025-09-02 18:08
Severity ?
Summary
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function portRangeForwardAdd of the file /goform/portRangeForwardAdd. The manipulation of the argument ruleName/schedule/inboundFilter/TCPPorts/UDPPorts results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321397 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321397 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.634820 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function portRangeForwardAdd of the file /goform/portRangeForwardAdd. The manipulation of the argument ruleName/schedule/inboundFilter/TCPPorts/UDPPorts results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n portRangeForwardAdd del archivo /goform/portRangeForwardAdd. La manipulaci\u00f3n del argumento ruleName/schedule/inboundFilter/TCPPorts/UDPPorts provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9482",
"lastModified": "2025-09-02T18:08:10.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-26T14:15:47.623",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321397"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321397"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.634820"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_36/36.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-10 16:15
Modified
2025-09-04 18:41
Severity ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function setOpMode of the file /goform/setOpMode. The manipulation of the argument ethConv leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319350 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319350 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626680 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function setOpMode of the file /goform/setOpMode. The manipulation of the argument ethConv leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. La funci\u00f3n setOpMode del archivo /goform/setOpMode se ve afectada. La manipulaci\u00f3n del argumento ethConv provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8816",
"lastModified": "2025-09-04T18:41:41.320",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-10T16:15:27.107",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319350"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319350"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626680"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_50/50.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 05:15
Modified
2025-09-04 18:35
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319364 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319364 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626695 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Este problema afecta a la funci\u00f3n sub_3517C del archivo /goform/setWan. La manipulaci\u00f3n del argumento \"Hostname\" provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8830",
"lastModified": "2025-09-04T18:35:50.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T05:15:26.677",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319364"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319364"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626695"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_46/46.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-20 20:15
Modified
2025-09-02 18:22
Severity ?
Summary
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_14/14.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320776 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.320776 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631518 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Este problema afecta a la funci\u00f3n WPSSTAPINEnr del archivo /goform/WPSSTAPINEnr. La manipulaci\u00f3n del argumento ssid provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9245",
"lastModified": "2025-09-02T18:22:20.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-20T20:15:34.077",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_14/14.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.320776"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320776"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631518"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 11:15
Modified
2025-06-25 18:10
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_4/4.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.310780 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.310780 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.584363 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad cr\u00edtica en los Linksys RE6500, RE6250, RE6300, RE6350, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n setDeviceURL del archivo /goform/setDeviceURL. La manipulaci\u00f3n del argumento DeviceURL provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5441",
"lastModified": "2025-06-25T18:10:53.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T11:15:23.060",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_4/4.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.310780"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.310780"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.584363"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-10 23:15
Modified
2025-09-04 18:41
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319352 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319352 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626682 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Este problema afecta a la funci\u00f3n setDFSSetting del archivo /goform/setLan. La manipulaci\u00f3n del argumento lanNetmask/lanIp provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8818",
"lastModified": "2025-09-04T18:41:21.277",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-10T23:15:25.737",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319352"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319352"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626682"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_52/52.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-20 22:15
Modified
2025-09-02 18:23
Severity ?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320781 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.320781 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631523 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n setPWDbyBBS del archivo /goform/setPWDbyBBS. Esta manipulaci\u00f3n de la sugerencia del argumento provoca un desbordamiento del b\u00fafer en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9250",
"lastModified": "2025-09-02T18:23:17.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-20T22:15:29.850",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.320781"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320781"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631523"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 14:15
Modified
2025-07-02 01:07
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_10/10.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.310786 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.310786 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.584369 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Linksys RE6500, RE6250, RE6300, RE6350, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n ssid1MACFilter del archivo /goform/ssid1MACFilter. La manipulaci\u00f3n del argumento apselect_%d/newap_text_%d provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5447",
"lastModified": "2025-07-02T01:07:18.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T14:15:24.400",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_10/10.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.310786"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.310786"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.584369"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-23 12:15
Modified
2025-09-02 18:18
Severity ?
Summary
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of the argument ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321064 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321064 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631533 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of the argument ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. El elemento afectado es la funci\u00f3n ipRangeBlockManageRule del archivo /goform/ipRangeBlockManageRule. La manipulaci\u00f3n del argumento ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9361",
"lastModified": "2025-09-02T18:18:57.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-23T12:15:32.313",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321064"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321064"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631533"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-23 14:15
Modified
2025-09-02 18:18
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_30/30.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321065 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321065 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631534 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una falla en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. El elemento afectado es la funci\u00f3n urlFilterManageRule del archivo /goform/urlFilterManageRule. La manipulaci\u00f3n del argumento urlFilterRuleName/scheduleUrl/addURLFilter puede provocar un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta revelaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9362",
"lastModified": "2025-09-02T18:18:50.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-23T14:15:31.473",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_30/30.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321065"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321065"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631534"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 07:15
Modified
2025-09-04 18:34
Severity ?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function langSwitchBack of the file /goform/langSwitchBack. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319367 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319367 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626698 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function langSwitchBack of the file /goform/langSwitchBack. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Este problema afecta a la funci\u00f3n langSwitchBack del archivo /goform/langSwitchBack. La manipulaci\u00f3n del argumento langSelectionOnly provoca un desbordamiento del b\u00fafer en la pila. El ataque puede iniciarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8833",
"lastModified": "2025-09-04T18:34:01.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T07:15:32.040",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319367"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319367"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626698"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_38/38.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-20 21:15
Modified
2025-09-02 18:22
Severity ?
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ssidhex results in stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_17/17.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320779 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.320779 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631521 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_17/17.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function RP_pingGatewayByBBS of the file /goform/RP_pingGatewayByBBS. The manipulation of the argument ssidhex results in stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. El elemento afectado es la funci\u00f3n RP_pingGatewayByBBS del archivo /goform/RP_pingGatewayByBBS. La manipulaci\u00f3n del argumento ssidhex provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9248",
"lastModified": "2025-09-02T18:22:42.417",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-20T21:15:32.630",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_17/17.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.320779"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320779"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631521"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_17/17.md"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 13:15
Modified
2025-06-10 15:15
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_8/8.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.310784 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.310784 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.584367 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_8/8.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the file /goform/RP_checkFWByBBS. The manipulation of the argument type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Linksys RE6500, RE6250, RE6300, RE6350, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001, clasificada como cr\u00edtica. Este problema afecta a la funci\u00f3n RP_checkFWByBBS del archivo /goform/RP_checkFWByBBS. La manipulaci\u00f3n del argumento type/ch/ssidhex/security/extch/pwd/mode/ip/nm/gw provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5445",
"lastModified": "2025-06-10T15:15:02.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T13:15:22.910",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_8/8.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.310784"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.310784"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.584367"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_8/8.md"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-26 14:15
Modified
2025-09-02 18:08
Severity ?
Summary
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function singlePortForwardAdd of the file /goform/singlePortForwardAdd. This manipulation of the argument ruleName/schedule/inboundFilter causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321398 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321398 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.634823 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function singlePortForwardAdd of the file /goform/singlePortForwardAdd. This manipulation of the argument ruleName/schedule/inboundFilter causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una falla en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. La funci\u00f3n singlePortForwardAdd del archivo /goform/singlePortForwardAdd se ve afectada. Esta manipulaci\u00f3n del argumento ruleName/schedule/inboundFilter provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9483",
"lastModified": "2025-09-02T18:08:02.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-26T14:15:47.887",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321398"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321398"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.634823"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_37/37.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 10:15
Modified
2025-07-02 18:07
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_3/3.md | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.310779 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.310779 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.584362 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The manipulation of the argument manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en los Linksys RE6500, RE6250, RE6300, RE6350, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta la funci\u00f3n NTP del archivo /goform/NTP. La manipulaci\u00f3n del argumento manual_year_select/manual_month_select/manual_day_select/manual_hour_select/manual_min_select/manual_sec_select provoca la inyecci\u00f3n de comandos del sistema operativo. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5440",
"lastModified": "2025-07-02T18:07:16.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T10:15:22.180",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_3/3.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.310779"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.310779"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.584362"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-10 22:15
Modified
2025-09-04 18:41
Severity ?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setLan of the file /goform/setLan. The manipulation of the argument lan2enabled leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319351 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319351 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626681 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setLan of the file /goform/setLan. The manipulation of the argument lan2enabled leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Esta vulnerabilidad afecta a la funci\u00f3n setLan del archivo /goform/setLan. La manipulaci\u00f3n del argumento lan2enabled provoca un desbordamiento del b\u00fafer en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8817",
"lastModified": "2025-09-04T18:41:33.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-10T22:15:27.447",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319351"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319351"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626681"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_51/51.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 09:15
Modified
2025-07-02 18:08
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_1/1.md | Exploit | |
| cna@vuldb.com | https://vuldb.com/?ctiid.310777 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.310777 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.584360 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Linksys RE6500, RE6250, RE6300, RE6350, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Se ha declarado cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n WPS del archivo /goform/WPS. La manipulaci\u00f3n del argumento PIN provoca la inyecci\u00f3n de comandos. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5438",
"lastModified": "2025-07-02T18:08:56.187",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T09:15:21.280",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_1/1.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.310777"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.310777"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.584360"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 05:15
Modified
2025-09-04 18:35
Severity ?
Summary
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function remoteManagement of the file /goform/remoteManagement. The manipulation of the argument portNumber leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319365 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319365 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626696 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function remoteManagement of the file /goform/remoteManagement. The manipulation of the argument portNumber leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Esta vulnerabilidad afecta a la funci\u00f3n remoteManagement del archivo /goform/remoteManagement. La manipulaci\u00f3n del argumento portNumber provoca un desbordamiento del b\u00fafer en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8831",
"lastModified": "2025-09-04T18:35:26.697",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T05:15:26.957",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319365"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319365"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626696"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_47/47.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-20 22:15
Modified
2025-09-02 18:23
Severity ?
Summary
A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the file /goform/DisablePasswordAlertRedirect. Executing manipulation of the argument hint can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_21/21.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320783 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.320783 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631525 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_21/21.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the file /goform/DisablePasswordAlertRedirect. Executing manipulation of the argument hint can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n DisablePasswordAlertRedirect del archivo /goform/DisablePasswordAlertRedirect. La manipulaci\u00f3n de la sugerencia de argumento puede provocar un desbordamiento del b\u00fafer en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta vulnerabilidad, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9252",
"lastModified": "2025-09-02T18:23:04.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-20T22:15:30.327",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_21/21.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.320783"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320783"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631525"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_21/21.md"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-02 12:15
Modified
2025-06-10 15:14
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_6/6.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.310782 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.310782 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.584365 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_6/6.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden. The manipulation of the argument ExtChSelector/24GSelector/5GSelector leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en los Linksys RE6500, RE6250, RE6300, RE6350, RE7000 y RE9000 (versi\u00f3n 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001). La funci\u00f3n wirelessAdvancedHidden del archivo /goform/wirelessAdvancedHidden se ve afectada. La manipulaci\u00f3n del argumento ExtChSelector/24GSelector/5GSelector provoca la inyecci\u00f3n de comandos del sistema operativo. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-5443",
"lastModified": "2025-06-10T15:14:40.057",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-06-02T12:15:26.143",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_6/6.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.310782"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.310782"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.584365"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_6/6.md"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 06:15
Modified
2025-09-04 18:33
Severity ?
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319366 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319366 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626697 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta 20250801. Esta vulnerabilidad afecta a la funci\u00f3n setDMZ del archivo /goform/setDMZ. La manipulaci\u00f3n del argumento DMZIPAddress provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede iniciarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8832",
"lastModified": "2025-09-04T18:33:53.677",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T06:15:28.230",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319366"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319366"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626697"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_48/48.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-20 20:15
Modified
2025-09-02 18:22
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument staticRoute_IP_setting/staticRoute_Netmask_setting/staticRoute_Gateway_setting/staticRoute_Metric_setting/staticRoute_destType_setting leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_11/11.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320775 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.320775 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631517 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation of the argument staticRoute_IP_setting/staticRoute_Netmask_setting/staticRoute_Gateway_setting/staticRoute_Metric_setting/staticRoute_destType_setting leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad de seguridad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n addStaticRoute del archivo /goform/addStaticRoute. Esta manipulaci\u00f3n del argumento staticRoute_IP_setting/staticRoute_Netmask_setting/staticRoute_Gateway_setting/staticRoute_Metric_setting/staticRoute_destType_setting provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"id": "CVE-2025-9244",
"lastModified": "2025-09-02T18:22:11.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-20T20:15:33.837",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_11/11.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.320775"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320775"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631517"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-24 16:15
Modified
2025-09-02 18:18
Severity ?
Summary
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.321226 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.321226 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631538 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n addStaProfile del archivo /goform/addStaProfile. La manipulaci\u00f3n del argumento nombre_perfil/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9393",
"lastModified": "2025-09-02T18:18:17.873",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-24T16:15:30.250",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.321226"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.321226"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631538"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_33/33.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 03:15
Modified
2025-09-04 18:38
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319359 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319359 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626690 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. Esta vulnerabilidad afecta a la funci\u00f3n RP_setBasicAuto del archivo /goform/RP_setBasicAuto. La manipulaci\u00f3n del argumento staticIp/staticNetmask provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8825",
"lastModified": "2025-09-04T18:38:00.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T03:15:25.150",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319359"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319359"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626690"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_41/41.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-20 21:15
Modified
2025-09-02 18:22
Severity ?
Summary
A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation of the argument vlan_set leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_16/16.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320778 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.320778 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631520 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_16/16.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function setVlan of the file /goform/setVlan. The manipulation of the argument vlan_set leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. El elemento afectado es la funci\u00f3n setVlan del archivo /goform/setVlan. La manipulaci\u00f3n del argumento vlan_set provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9247",
"lastModified": "2025-09-02T18:22:35.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-20T21:15:32.393",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_16/16.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.320778"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320778"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631520"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_16/16.md"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-20 22:15
Modified
2025-09-02 18:23
Severity ?
Summary
A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function sta_wps_pin of the file /goform/sta_wps_pin. Performing manipulation of the argument Ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_20/20.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.320782 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.320782 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.631524 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_20/20.md | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function sta_wps_pin of the file /goform/sta_wps_pin. Performing manipulation of the argument Ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha descubierto una falla de seguridad en los Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. La funci\u00f3n sta_wps_pin del archivo /goform/sta_wps_pin se ve afectada. La manipulaci\u00f3n del argumento SSID provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-9251",
"lastModified": "2025-09-02T18:23:09.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cna@vuldb.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-20T22:15:30.080",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_20/20.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
],
"url": "https://vuldb.com/?ctiid.320782"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.320782"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.631524"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_20/20.md"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-08-11 04:15
Modified
2025-09-04 18:36
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md#poc | Exploit, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.319362 | Permissions Required, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?id.319362 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://vuldb.com/?submit.626693 | Third Party Advisory, VDB Entry | |
| cna@vuldb.com | https://www.linksys.com/ | Product | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md#poc | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 | |
| linksys | re6250 | - | |
| linksys | re6300_firmware | 1.2.07.001 | |
| linksys | re6300 | - | |
| linksys | re6350_firmware | 1.0.04.001 | |
| linksys | re6350 | - | |
| linksys | re7000_firmware | 1.1.05.003 | |
| linksys | re7000 | - | |
| linksys | re9000_firmware | 1.0.04.002 | |
| linksys | re9000 | - | |
| linksys | re6500_firmware | 1.0.013.001 | |
| linksys | re6500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "70728D67-153A-49FA-80E2-0DE9086DA253",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*",
"matchCriteriaId": "898FD49F-4225-47FF-822C-9E4FFB5EE192",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3A6A93-D598-4F52-808C-EAA45B468066",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25647318-6422-418C-99B8-C806FF490028",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*",
"matchCriteriaId": "0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFD3F65-E520-415D-BAB8-57FACEA5BEC7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC2325A-068F-4B5E-A365-6BF1103E320E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D04E83B6-EE99-42EB-AA37-895B1467CEDA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*",
"matchCriteriaId": "11F24125-412F-473A-BF34-02284F8DAC2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7424D2C2-BCF4-4B2D-BE59-71B50B13FE77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*",
"matchCriteriaId": "92354C9C-D1B2-4143-803D-DE5EF7842184",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52622B22-2E42-443B-81DA-7C42ECCF0564",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 hasta la versi\u00f3n 20250801. La funci\u00f3n ipv6cmd del archivo /goform/setIpv6 se ve afectada. La manipulaci\u00f3n del argumento Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen provoca la inyecci\u00f3n de comandos del sistema operativo. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."
}
],
"id": "CVE-2025-8828",
"lastModified": "2025-09-04T18:36:46.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "cna@vuldb.com",
"type": "Secondary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "cna@vuldb.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
},
"published": "2025-08-11T04:15:45.507",
"references": [
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md"
},
{
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md#poc"
},
{
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
],
"url": "https://vuldb.com/?ctiid.319362"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?id.319362"
},
{
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://vuldb.com/?submit.626693"
},
{
"source": "cna@vuldb.com",
"tags": [
"Product"
],
"url": "https://www.linksys.com/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys1/vuln_44/44.md#poc"
}
],
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
},
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "cna@vuldb.com",
"type": "Secondary"
}
]
}