CVE-2025-9361

Summary

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of the argument ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
LinksysRE62501.0.013.001affected
LinksysRE62501.0.04.001affected
LinksysRE62501.0.04.002affected
LinksysRE62501.1.05.003affected
LinksysRE62501.2.07.001affected
LinksysRE63001.0.013.001affected
LinksysRE63001.0.04.001affected
LinksysRE63001.0.04.002affected
LinksysRE63001.1.05.003affected
LinksysRE63001.2.07.001affected
LinksysRE63501.0.013.001affected
LinksysRE63501.0.04.001affected
LinksysRE63501.0.04.002affected
LinksysRE63501.1.05.003affected
LinksysRE63501.2.07.001affected
LinksysRE65001.0.013.001affected
LinksysRE65001.0.04.001affected
LinksysRE65001.0.04.002affected
LinksysRE65001.1.05.003affected
LinksysRE65001.2.07.001affected
LinksysRE70001.0.013.001affected
LinksysRE70001.0.04.001affected
LinksysRE70001.0.04.002affected
LinksysRE70001.1.05.003affected
LinksysRE70001.2.07.001affected
LinksysRE90001.0.013.001affected
LinksysRE90001.0.04.001affected
LinksysRE90001.0.04.002affected
LinksysRE90001.1.05.003affected
LinksysRE90001.2.07.001affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References