CVE-2025-9250 (GCVE-0-2025-9250)
Vulnerability from cvelistv5 – Published: 2025-08-20 21:32 – Updated: 2025-08-21 14:48
VLAI?
Summary
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Linksys | RE6250 |
Affected:
1.0.013.001
Affected: 1.0.04.001 Affected: 1.0.04.002 Affected: 1.1.05.003 Affected: 1.2.07.001 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
Credits
pjqwudi (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9250",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-21T14:40:59.766644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T14:48:17.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "RE6250",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6300",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6350",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE6500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE7000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
},
{
"product": "RE9000",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "1.0.013.001"
},
{
"status": "affected",
"version": "1.0.04.001"
},
{
"status": "affected",
"version": "1.0.04.002"
},
{
"status": "affected",
"version": "1.1.05.003"
},
{
"status": "affected",
"version": "1.2.07.001"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "pjqwudi (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Dabei betrifft es die Funktion setPWDbyBBS der Datei /goform/setPWDbyBBS. Die Bearbeitung des Arguments hint verursacht stack-based buffer overflow. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-20T21:32:06.411Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320781 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setPWDbyBBS stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320781"
},
{
"name": "VDB-320781 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320781"
},
{
"name": "Submit #631523 | Linksys RE6500\u3001RE6250\u3001RE6300\u3001RE6350\u3001RE7000\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.631523"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-20T13:22:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setPWDbyBBS stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9250",
"datePublished": "2025-08-20T21:32:06.411Z",
"dateReserved": "2025-08-20T11:16:55.733Z",
"dateUpdated": "2025-08-21T14:48:17.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-9250\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-08-20T22:15:29.850\",\"lastModified\":\"2025-09-02T18:23:17.187\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.\"},{\"lang\":\"es\",\"value\":\"Se identific\u00f3 una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Esta vulnerabilidad afecta a la funci\u00f3n setPWDbyBBS del archivo /goform/setPWDbyBBS. Esta manipulaci\u00f3n de la sugerencia del argumento provoca un desbordamiento del b\u00fafer en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":9.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"},{\"lang\":\"en\",\"value\":\"CWE-121\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linksys:re6250_firmware:1.0.04.001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70728D67-153A-49FA-80E2-0DE9086DA253\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:linksys:re6250:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"898FD49F-4225-47FF-822C-9E4FFB5EE192\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linksys:re6300_firmware:1.2.07.001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E3A6A93-D598-4F52-808C-EAA45B468066\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:linksys:re6300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25647318-6422-418C-99B8-C806FF490028\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linksys:re6350_firmware:1.0.04.001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E0A8CCC-BD94-4865-9C0C-B60BD375CDC8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:linksys:re6350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FFD3F65-E520-415D-BAB8-57FACEA5BEC7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linksys:re7000_firmware:1.1.05.003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DC2325A-068F-4B5E-A365-6BF1103E320E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:linksys:re7000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D04E83B6-EE99-42EB-AA37-895B1467CEDA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linksys:re9000_firmware:1.0.04.002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11F24125-412F-473A-BF34-02284F8DAC2D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:linksys:re9000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7424D2C2-BCF4-4B2D-BE59-71B50B13FE77\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linksys:re6500_firmware:1.0.013.001:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92354C9C-D1B2-4143-803D-DE5EF7842184\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:linksys:re6500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52622B22-2E42-443B-81DA-7C42ECCF0564\"}]}]}],\"references\":[{\"url\":\"https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.320781\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://vuldb.com/?id.320781\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.631523\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.linksys.com/\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-9250\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-21T14:40:59.766644Z\"}}}], \"references\": [{\"url\": \"https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-21T13:26:12.183Z\"}}], \"cna\": {\"title\": \"Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setPWDbyBBS stack-based overflow\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"pjqwudi (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 9, \"vectorString\": \"AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR\"}}], \"affected\": [{\"vendor\": \"Linksys\", \"product\": \"RE6250\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.013.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.002\"}, {\"status\": \"affected\", \"version\": \"1.1.05.003\"}, {\"status\": \"affected\", \"version\": \"1.2.07.001\"}]}, {\"vendor\": \"Linksys\", \"product\": \"RE6300\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.013.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.002\"}, {\"status\": \"affected\", \"version\": \"1.1.05.003\"}, {\"status\": \"affected\", \"version\": \"1.2.07.001\"}]}, {\"vendor\": \"Linksys\", \"product\": \"RE6350\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.013.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.002\"}, {\"status\": \"affected\", \"version\": \"1.1.05.003\"}, {\"status\": \"affected\", \"version\": \"1.2.07.001\"}]}, {\"vendor\": \"Linksys\", \"product\": \"RE6500\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.013.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.002\"}, {\"status\": \"affected\", \"version\": \"1.1.05.003\"}, {\"status\": \"affected\", \"version\": \"1.2.07.001\"}]}, {\"vendor\": \"Linksys\", \"product\": \"RE7000\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.013.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.002\"}, {\"status\": \"affected\", \"version\": \"1.1.05.003\"}, {\"status\": \"affected\", \"version\": \"1.2.07.001\"}]}, {\"vendor\": \"Linksys\", \"product\": \"RE9000\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.013.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.001\"}, {\"status\": \"affected\", \"version\": \"1.0.04.002\"}, {\"status\": \"affected\", \"version\": \"1.1.05.003\"}, {\"status\": \"affected\", \"version\": \"1.2.07.001\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-20T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-08-20T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-08-20T13:22:17.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.320781\", \"name\": \"VDB-320781 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 setPWDbyBBS stack-based overflow\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.320781\", \"name\": \"VDB-320781 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.631523\", \"name\": \"Submit #631523 | Linksys RE6500\\u3001RE6250\\u3001RE6300\\u3001RE6350\\u3001RE7000\\u3001RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_19/19.md\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.linksys.com/\", \"tags\": [\"product\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function setPWDbyBBS of the file /goform/setPWDbyBBS. Such manipulation of the argument hint leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.\"}, {\"lang\": \"de\", \"value\": \"Es wurde eine Schwachstelle in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 entdeckt. Dabei betrifft es die Funktion setPWDbyBBS der Datei /goform/setPWDbyBBS. Die Bearbeitung des Arguments hint verursacht stack-based buffer overflow. Der Angriff kann \\u00fcber das Netzwerk passieren. Der Exploit wurde der \\u00d6ffentlichkeit bekannt gemacht und k\\u00f6nnte verwendet werden.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-121\", \"description\": \"Stack-based Buffer Overflow\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"Memory Corruption\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-08-20T21:32:06.411Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-9250\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-08-21T14:48:17.998Z\", \"dateReserved\": \"2025-08-20T11:16:55.733Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-08-20T21:32:06.411Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…