Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-9356

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Published

2025-08-22T21:15:32.913

Last Modified

2025-08-26T15:15:49.263

Status

Undergoing Analysis

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.0

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-119
CWE-121

Affected Vendors & Products

References

https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md ([email protected])
https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc ([email protected])
https://vuldb.com/?ctiid.321059 ([email protected])
https://vuldb.com/?id.321059 ([email protected])
https://vuldb.com/?submit.631528 ([email protected])
https://www.linksys.com/ ([email protected])
https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc (134c704f-9b21-4f2e-91b3-4a467353bcc0)