CWE-121

CVE-2025-9300 (GCVE-0-2025-9300)

Vulnerability from cvelistv5 – Published: 2025-08-21 13:02 – Updated: 2025-08-21 14:46

Title

saitoha libsixel img2sixel encoder.c sixel_debug_print_palette stack-based overflow

Summary

A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue.

Severity

4.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

7 references

URL	Tags
https://vuldb.com/?id.320905	vdb-entrytechnical-description
https://vuldb.com/?ctiid.320905	signaturepermissions-required
https://vuldb.com/?submit.632366	third-party-advisory
https://github.com/saitoha/libsixel/issues/200	issue-tracking
https://github.com/saitoha/libsixel/issues/200#is…	issue-tracking
https://drive.google.com/file/d/1IIvvRFgUQZcySqeo…	exploit
https://github.com/saitoha/libsixel/commit/316c08…	patch

Impacted products

1 product

Vendor	Product	Version
saitoha	libsixel	Affected: 1.10.0 Affected: 1.10.1 Affected: 1.10.2 Affected: 1.10.3

Credits

xdcao (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9300",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-21T13:22:45.636966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-21T14:46:37.782Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://vuldb.com/?submit.632366"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/saitoha/libsixel/issues/200#issuecomment-3178785635"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/saitoha/libsixel/issues/200"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "img2sixel"
          ],
          "product": "libsixel",
          "vendor": "saitoha",
          "versions": [
            {
              "status": "affected",
              "version": "1.10.0"
            },
            {
              "status": "affected",
              "version": "1.10.1"
            },
            {
              "status": "affected",
              "version": "1.10.2"
            },
            {
              "status": "affected",
              "version": "1.10.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "xdcao (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation results in stack-based buffer overflow. The attack must be initiated from a local position. The exploit has been made public and could be used. The patch is identified as 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Applying a patch is advised to resolve this issue."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in saitoha libsixel bis 1.10.3 entdeckt. Das betrifft die Funktion sixel_debug_print_palette der Datei src/encoder.c der Komponente img2sixel. Die Manipulation f\u00fchrt zu stack-based buffer overflow. Der Angriff muss lokal durchgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Name des Patches ist 316c086e79d66b62c0c4bc66229ee894e4fdb7d1. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4.3,
            "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-21T13:02:08.108Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-320905 | saitoha libsixel img2sixel encoder.c sixel_debug_print_palette stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.320905"
        },
        {
          "name": "VDB-320905 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.320905"
        },
        {
          "name": "Submit #632366 | LibSixel  img2sixel  LibSixel version 1.10.3 (commit 6dd664c) compiled on Aug 2 2025 and the newest master version. Heap Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.632366"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/saitoha/libsixel/issues/200"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/saitoha/libsixel/issues/200#issuecomment-3178785635"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://drive.google.com/file/d/1IIvvRFgUQZcySqeoqXXhsxd0HZCjClJ7/view?usp=sharing"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/saitoha/libsixel/commit/316c086e79d66b62c0c4bc66229ee894e4fdb7d1"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-21T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-21T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-21T07:30:11.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "saitoha libsixel img2sixel encoder.c sixel_debug_print_palette stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9300",
    "datePublished": "2025-08-21T13:02:08.108Z",
    "dateReserved": "2025-08-21T05:25:08.724Z",
    "dateUpdated": "2025-08-21T14:46:37.782Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9336 (GCVE-0-2025-9336)

Vulnerability from cvelistv5 – Published: 2025-10-13 09:24 – Updated: 2025-10-14 14:37

Summary

A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information.

Severity

6.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-121 - - Stack-based Buffer Overflow

Assigner

ASUS

References

1 reference

URL	Tags
https://www.asus.com/security-advisory/	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
ASUS	Armoury Crate	Affected: Before v6.3.4

Credits

neseesun

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9336",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-14T14:35:06.177598Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-14T14:37:01.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Armoury Crate",
          "vendor": "ASUS",
          "versions": [
            {
              "status": "affected",
              "version": "Before v6.3.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "neseesun"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. \u003cbr\u003eRefer to the \u0027Security Update for Armoury Crate App\u0027 section on the ASUS Security Advisory for more information."
            }
          ],
          "value": "A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other potentially undefined execution. \nRefer to the \u0027Security Update for Armoury Crate App\u0027 section on the ASUS Security Advisory for more information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 - Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-13T09:24:04.749Z",
        "orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
        "shortName": "ASUS"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.asus.com/security-advisory/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
    "assignerShortName": "ASUS",
    "cveId": "CVE-2025-9336",
    "datePublished": "2025-10-13T09:24:04.749Z",
    "dateReserved": "2025-08-22T02:50:55.190Z",
    "dateUpdated": "2025-10-14T14:37:01.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9355 (GCVE-0-2025-9355)

Vulnerability from cvelistv5 – Published: 2025-08-22 21:02 – Updated: 2025-08-25 19:22

Title

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 scheduleAdd stack-based overflow

Summary

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file /goform/scheduleAdd. Performing manipulation of the argument ruleName results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

6 references

URL	Tags
https://vuldb.com/?id.321058	vdb-entrytechnical-description
https://vuldb.com/?ctiid.321058	signaturepermissions-required
https://vuldb.com/?submit.631527	third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/Link…	related
https://github.com/wudipjq/my_vuln/blob/main/Link…	exploit
https://www.linksys.com/	product

Impacted products

6 products

Vendor	Product	Version
Linksys	RE6250	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6300	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6350	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6500	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE7000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE9000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001

Credits

pjq123 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9355",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T19:22:54.229574Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T19:22:58.106Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md#poc"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file /goform/scheduleAdd. Performing manipulation of the argument ruleName results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle gefunden. Es geht um die Funktion scheduleAdd der Datei /goform/scheduleAdd. Durch Beeinflussen des Arguments ruleName mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T21:02:07.395Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321058 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 scheduleAdd stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.321058"
        },
        {
          "name": "VDB-321058 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321058"
        },
        {
          "name": "Submit #631527 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.631527"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_23/23.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-22T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-22T17:45:38.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 scheduleAdd stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9355",
    "datePublished": "2025-08-22T21:02:07.395Z",
    "dateReserved": "2025-08-22T15:40:10.106Z",
    "dateUpdated": "2025-08-25T19:22:58.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9356 (GCVE-0-2025-9356)

Vulnerability from cvelistv5 – Published: 2025-08-22 21:02 – Updated: 2025-08-26 14:29

Title

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 inboundFilterAdd stack-based overflow

Summary

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

6 references

URL	Tags
https://vuldb.com/?id.321059	vdb-entrytechnical-description
https://vuldb.com/?ctiid.321059	signaturepermissions-required
https://vuldb.com/?submit.631528	third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/Link…	related
https://github.com/wudipjq/my_vuln/blob/main/Link…	exploit
https://www.linksys.com/	product

Impacted products

6 products

Vendor	Product	Version
Linksys	RE6250	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6300	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6350	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6500	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE7000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE9000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001

Credits

pjq123 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9356",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-26T14:29:51.608197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-26T14:29:54.383Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 ist eine Schwachstelle entdeckt worden. Es geht hierbei um die Funktion inboundFilterAdd der Datei /goform/inboundFilterAdd. Die Manipulation des Arguments ruleName f\u00fchrt zu stack-based buffer overflow. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T21:02:09.690Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321059 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 inboundFilterAdd stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.321059"
        },
        {
          "name": "VDB-321059 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321059"
        },
        {
          "name": "Submit #631528 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.631528"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-22T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-22T17:45:40.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 inboundFilterAdd stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9356",
    "datePublished": "2025-08-22T21:02:09.690Z",
    "dateReserved": "2025-08-22T15:40:13.173Z",
    "dateUpdated": "2025-08-26T14:29:54.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9357 (GCVE-0-2025-9357)

Vulnerability from cvelistv5 – Published: 2025-08-23 06:02 – Updated: 2025-08-25 18:19

Title

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 langSwitchByBBS stack-based overflow

Summary

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function langSwitchByBBS of the file /goform/langSwitchByBBS. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

6 references

URL	Tags
https://vuldb.com/?id.321060	vdb-entrytechnical-description
https://vuldb.com/?ctiid.321060	signaturepermissions-required
https://vuldb.com/?submit.631529	third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/Link…	related
https://github.com/wudipjq/my_vuln/blob/main/Link…	exploit
https://www.linksys.com/	product

Impacted products

6 products

Vendor	Product	Version
Linksys	RE6250	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6300	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6350	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6500	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE7000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE9000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001

Credits

pjq123 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9357",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T18:18:31.836564Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T18:19:15.727Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function langSwitchByBBS of the file /goform/langSwitchByBBS. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 gefunden. Es geht dabei um die Funktion langSwitchByBBS der Datei /goform/langSwitchByBBS. Die Ver\u00e4nderung des Parameters langSelectionOnly resultiert in stack-based buffer overflow. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-23T06:02:05.980Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321060 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 langSwitchByBBS stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.321060"
        },
        {
          "name": "VDB-321060 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321060"
        },
        {
          "name": "Submit #631529 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.631529"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_25/25.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_25/25.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-22T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-22T17:45:42.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 langSwitchByBBS stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9357",
    "datePublished": "2025-08-23T06:02:05.980Z",
    "dateReserved": "2025-08-22T15:40:15.687Z",
    "dateUpdated": "2025-08-25T18:19:15.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9358 (GCVE-0-2025-9358)

Vulnerability from cvelistv5 – Published: 2025-08-23 07:32 – Updated: 2025-08-25 18:14

Title

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setSysAdm stack-based overflow

Summary

A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setSysAdm of the file /goform/setSysAdm. The manipulation of the argument admpasshint results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

6 references

URL	Tags
https://vuldb.com/?id.321061	vdb-entrytechnical-description
https://vuldb.com/?ctiid.321061	signaturepermissions-required
https://vuldb.com/?submit.631530	third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/Link…	related
https://github.com/wudipjq/my_vuln/blob/main/Link…	exploit
https://www.linksys.com/	product

Impacted products

6 products

Vendor	Product	Version
Linksys	RE6250	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6300	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6350	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6500	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE7000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE9000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001

Credits

pjq123 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9358",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T18:13:59.042748Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T18:14:09.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setSysAdm of the file /goform/setSysAdm. The manipulation of the argument admpasshint results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Dabei geht es um die Funktion setSysAdm der Datei /goform/setSysAdm. Die Bearbeitung des Arguments admpasshint verursacht stack-based buffer overflow. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-23T07:32:06.304Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321061 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setSysAdm stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.321061"
        },
        {
          "name": "VDB-321061 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321061"
        },
        {
          "name": "Submit #631530 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.631530"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_26/26.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_26/26.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-22T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-22T17:45:43.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setSysAdm stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9358",
    "datePublished": "2025-08-23T07:32:06.304Z",
    "dateReserved": "2025-08-22T15:40:18.364Z",
    "dateUpdated": "2025-08-25T18:14:09.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9359 (GCVE-0-2025-9359)

Vulnerability from cvelistv5 – Published: 2025-08-23 09:32 – Updated: 2025-08-25 18:13

Title

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_checkCredentialsByBBS stack-based overflow

Summary

A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. This manipulation of the argument ssidhex/pwd causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

6 references

URL	Tags
https://vuldb.com/?id.321062	vdb-entrytechnical-description
https://vuldb.com/?ctiid.321062	signaturepermissions-required
https://vuldb.com/?submit.631531	third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/Link…	related
https://github.com/wudipjq/my_vuln/blob/main/Link…	exploit
https://www.linksys.com/	product

Impacted products

6 products

Vendor	Product	Version
Linksys	RE6250	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6300	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6350	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6500	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE7000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE9000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001

Credits

pjq123 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9359",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T18:09:34.716859Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T18:13:23.246Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. This manipulation of the argument ssidhex/pwd causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 wurde eine Schwachstelle gefunden. Hierbei geht es um die Funktion RP_checkCredentialsByBBS der Datei /goform/RP_checkCredentialsByBBS. Dank der Manipulation des Arguments ssidhex/pwd mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-23T09:32:06.481Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321062 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_checkCredentialsByBBS stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.321062"
        },
        {
          "name": "VDB-321062 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321062"
        },
        {
          "name": "Submit #631531 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.631531"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_27/27.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_27/27.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-22T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-22T17:45:44.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_checkCredentialsByBBS stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9359",
    "datePublished": "2025-08-23T09:32:06.481Z",
    "dateReserved": "2025-08-22T15:40:20.930Z",
    "dateUpdated": "2025-08-25T18:13:23.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9360 (GCVE-0-2025-9360)

Vulnerability from cvelistv5 – Published: 2025-08-23 10:32 – Updated: 2025-08-25 18:07

Title

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 accessControlAdd stack-based overflow

Summary

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function accessControlAdd of the file /goform/accessControlAdd. Such manipulation of the argument ruleName/schedule leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

6 references

URL	Tags
https://vuldb.com/?id.321063	vdb-entrytechnical-description
https://vuldb.com/?ctiid.321063	signaturepermissions-required
https://vuldb.com/?submit.631532	third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/Link…	related
https://github.com/wudipjq/my_vuln/blob/main/Link…	exploit
https://www.linksys.com/	product

Impacted products

6 products

Vendor	Product	Version
Linksys	RE6250	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6300	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6350	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6500	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE7000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE9000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001

Credits

pjq123 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9360",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T18:06:22.882035Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T18:07:05.251Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function accessControlAdd of the file /goform/accessControlAdd. Such manipulation of the argument ruleName/schedule leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 ist eine Schwachstelle entdeckt worden. Betroffen ist die Funktion accessControlAdd der Datei /goform/accessControlAdd. Dank Manipulation des Arguments ruleName/schedule mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-23T10:32:06.525Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321063 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 accessControlAdd stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.321063"
        },
        {
          "name": "VDB-321063 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321063"
        },
        {
          "name": "Submit #631532 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.631532"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_28/28.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_28/28.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-22T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-22T17:45:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 accessControlAdd stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9360",
    "datePublished": "2025-08-23T10:32:06.525Z",
    "dateReserved": "2025-08-22T15:40:23.697Z",
    "dateUpdated": "2025-08-25T18:07:05.251Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9361 (GCVE-0-2025-9361)

Vulnerability from cvelistv5 – Published: 2025-08-23 12:02 – Updated: 2025-08-25 18:05

Title

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 ipRangeBlockManageRule stack-based overflow

Summary

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of the argument ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

6 references

URL	Tags
https://vuldb.com/?id.321064	vdb-entrytechnical-description
https://vuldb.com/?ctiid.321064	signaturepermissions-required
https://vuldb.com/?submit.631533	third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/Link…	related
https://github.com/wudipjq/my_vuln/blob/main/Link…	exploit
https://www.linksys.com/	product

Impacted products

6 products

Vendor	Product	Version
Linksys	RE6250	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6300	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6350	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6500	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE7000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE9000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001

Credits

pjq123 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9361",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T18:05:32.916158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T18:05:48.015Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of the argument ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 gefunden. Es ist betroffen die Funktion ipRangeBlockManageRule der Datei /goform/ipRangeBlockManageRule. Mit der Manipulation des Arguments ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 9,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-23T12:02:06.669Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321064 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 ipRangeBlockManageRule stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.321064"
        },
        {
          "name": "VDB-321064 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321064"
        },
        {
          "name": "Submit #631533 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.631533"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md#poc"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-22T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-22T17:45:47.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 ipRangeBlockManageRule stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9361",
    "datePublished": "2025-08-23T12:02:06.669Z",
    "dateReserved": "2025-08-22T15:40:27.396Z",
    "dateUpdated": "2025-08-25T18:05:48.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-9362 (GCVE-0-2025-9362)

Vulnerability from cvelistv5 – Published: 2025-08-23 13:32 – Updated: 2025-08-25 18:04

Title

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 urlFilterManageRule stack-based overflow

Summary

A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-121 - Stack-based Buffer Overflow
CWE-119 - Memory Corruption

Assigner

VulDB

References

5 references

URL	Tags
https://vuldb.com/?id.321065	vdb-entrytechnical-description
https://vuldb.com/?ctiid.321065	signaturepermissions-required
https://vuldb.com/?submit.631534	third-party-advisory
https://github.com/wudipjq/my_vuln/blob/main/Link…	related
https://www.linksys.com/	product

Impacted products

6 products

Vendor	Product	Version
Linksys	RE6250	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6300	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6350	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE6500	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE7000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001
Linksys	RE9000	Affected: 1.0.013.001 Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001

Credits

pjq123 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9362",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-25T18:04:39.250330Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-25T18:04:58.391Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "RE6250",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6300",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6350",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE6500",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE7000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        },
        {
          "product": "RE9000",
          "vendor": "Linksys",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.013.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.001"
            },
            {
              "status": "affected",
              "version": "1.0.04.002"
            },
            {
              "status": "affected",
              "version": "1.1.05.003"
            },
            {
              "status": "affected",
              "version": "1.2.07.001"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "pjq123 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Betroffen davon ist die Funktion urlFilterManageRule der Datei /goform/urlFilterManageRule. Durch die Manipulation des Arguments urlFilterRuleName/scheduleUrl/addURLFilter mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-23T13:32:06.431Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-321065 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 urlFilterManageRule stack-based overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.321065"
        },
        {
          "name": "VDB-321065 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.321065"
        },
        {
          "name": "Submit #631534 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001)  RE6250(1.0.04.001)  RE6300(1.2.07.001)  RE6350(1.0.04.001)  RE7000(1.1.05.003)  RE9000(1.0.04.002) Stack-based Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.631534"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_30/30.md"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.linksys.com/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-08-22T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-08-22T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-08-22T17:45:49.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 urlFilterManageRule stack-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-9362",
    "datePublished": "2025-08-23T13:32:06.431Z",
    "dateReserved": "2025-08-22T15:40:30.483Z",
    "dateUpdated": "2025-08-25T18:04:58.391Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CWE-121

Stack-based Buffer Overflow

CVE-2025-9300 (GCVE-0-2025-9300)

CVE-2025-9336 (GCVE-0-2025-9336)

CVE-2025-9355 (GCVE-0-2025-9355)

CVE-2025-9356 (GCVE-0-2025-9356)

CVE-2025-9357 (GCVE-0-2025-9357)

CVE-2025-9358 (GCVE-0-2025-9358)

CVE-2025-9359 (GCVE-0-2025-9359)

CVE-2025-9360 (GCVE-0-2025-9360)

CVE-2025-9361 (GCVE-0-2025-9361)

CVE-2025-9362 (GCVE-0-2025-9362)

Mitigation ID: MIT-10

Mitigation

Mitigation

Mitigation

Mitigation ID: MIT-11