CVE-2025-9361

Published: Aug 23, 2025Modified: Sep 2, 2025

7.4

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The affected element is the function ipRangeBlockManageRule of the file /goform/ipRangeBlockManageRule. Performing manipulation of the argument ipRangeBlockRuleName/scheduleIp/ipRangeBlockRuleIpAddr results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (6)

Products: Linksys: Re6250 Firmware, Re6300 Firmware, Re6350 Firmware, Re6500 Firmware, Re7000 Firmware, Re9000 Firmware

6 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6250 Firmware	Version 1.0.04.001

Running on/with	Platform Versions
Linksys Re6250	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6300 Firmware	Version 1.2.07.001

Running on/with	Platform Versions
Linksys Re6300	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6350 Firmware	Version 1.0.04.001

Running on/with	Platform Versions
Linksys Re6350	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re6500 Firmware	Version 1.0.013.001

Running on/with	Platform Versions
Linksys Re6500	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re7000 Firmware	Version 1.1.05.003

Running on/with	Platform Versions
Linksys Re7000	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Linksys Re9000 Firmware	Version 1.0.04.002

Running on/with	Platform Versions
Linksys Re9000	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (6)

https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_29/29.md#poc

Source: cna@vuldb.com

ExploitThird Party Advisory

https://vuldb.com/?ctiid.321064

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?id.321064

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.631533

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://www.linksys.com/

Source: cna@vuldb.com

Product

Timeline

No history available yet.