Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-9393

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Published

2025-08-24T16:15:30.250

Last Modified

2025-09-02T18:18:17.873

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

8.0

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-119
    CWE-121
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System linksys re6250_firmware 1.0.04.001 Yes
Hardware linksys re6250 - No
Operating System linksys re6300_firmware 1.2.07.001 Yes
Hardware linksys re6300 - No
Operating System linksys re6350_firmware 1.0.04.001 Yes
Hardware linksys re6350 - No
Operating System linksys re7000_firmware 1.1.05.003 Yes
Hardware linksys re7000 - No
Operating System linksys re9000_firmware 1.0.04.002 Yes
Hardware linksys re9000 - No
References