CVE-2025-9246

Summary

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing manipulation of the argument single_port_rule/port_range_rule can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
LinksysRE62501.0.013.001affected
LinksysRE62501.0.04.001affected
LinksysRE62501.0.04.002affected
LinksysRE62501.1.05.003affected
LinksysRE62501.2.07.001affected
LinksysRE63001.0.013.001affected
LinksysRE63001.0.04.001affected
LinksysRE63001.0.04.002affected
LinksysRE63001.1.05.003affected
LinksysRE63001.2.07.001affected
LinksysRE63501.0.013.001affected
LinksysRE63501.0.04.001affected
LinksysRE63501.0.04.002affected
LinksysRE63501.1.05.003affected
LinksysRE63501.2.07.001affected
LinksysRE65001.0.013.001affected
LinksysRE65001.0.04.001affected
LinksysRE65001.0.04.002affected
LinksysRE65001.1.05.003affected
LinksysRE65001.2.07.001affected
LinksysRE70001.0.013.001affected
LinksysRE70001.0.04.001affected
LinksysRE70001.0.04.002affected
LinksysRE70001.1.05.003affected
LinksysRE70001.2.07.001affected
LinksysRE90001.0.013.001affected
LinksysRE90001.0.04.001affected
LinksysRE90001.0.04.002affected
LinksysRE90001.1.05.003affected
LinksysRE90001.2.07.001affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References