CVE-2025-9359

Summary

A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. This manipulation of the argument ssidhex/pwd causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
LinksysRE62501.0.013.001affected
LinksysRE62501.0.04.001affected
LinksysRE62501.0.04.002affected
LinksysRE62501.1.05.003affected
LinksysRE62501.2.07.001affected
LinksysRE63001.0.013.001affected
LinksysRE63001.0.04.001affected
LinksysRE63001.0.04.002affected
LinksysRE63001.1.05.003affected
LinksysRE63001.2.07.001affected
LinksysRE63501.0.013.001affected
LinksysRE63501.0.04.001affected
LinksysRE63501.0.04.002affected
LinksysRE63501.1.05.003affected
LinksysRE63501.2.07.001affected
LinksysRE65001.0.013.001affected
LinksysRE65001.0.04.001affected
LinksysRE65001.0.04.002affected
LinksysRE65001.1.05.003affected
LinksysRE65001.2.07.001affected
LinksysRE70001.0.013.001affected
LinksysRE70001.0.04.001affected
LinksysRE70001.0.04.002affected
LinksysRE70001.1.05.003affected
LinksysRE70001.2.07.001affected
LinksysRE90001.0.013.001affected
LinksysRE90001.0.04.001affected
LinksysRE90001.0.04.002affected
LinksysRE90001.1.05.003affected
LinksysRE90001.2.07.001affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References