CVE-2025-9245 in RE6250

Summary

by MITRE • 08/20/2025

A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the argument ssid results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.


Analysis

by VulDB Data Team • 09/03/2025

This vulnerability resides in the firmware of several Linksys router models, including the RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, specifically versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. The flaw is in the web-based administration interface, in the WPSSTAPINEnr function reached through the /goform/WPSSTAPINEnr path. It is a classic stack-based buffer overflow that occurs when the ssid argument is manipulated to exceed its allocated memory boundaries. The vulnerability is particularly concerning because it allows remote exploitation without requiring authentication, making it accessible to any attacker with network connectivity to the affected devices.

The vulnerability stems from improper input validation within the WPSSTAPINEnr function that processes the ssid parameter. When an attacker sends a specially crafted request containing an oversized ssid value, the application fails to bounds-check the input before copying it into a fixed-size stack buffer. The resulting overflow can overwrite adjacent memory locations, including return addresses, function pointers, and other critical program state. The vulnerability aligns with CWE-121 Stack-based Buffer Overflow, which is categorized under the broader weakness of insufficient validation of buffer limits. The attack vector is classified as remote, meaning an attacker can exploit this vulnerability from outside the local network without requiring physical access or local credentials.

The operational impact of this vulnerability extends beyond simple denial of service scenarios as it provides potential for arbitrary code execution on the affected devices. Successful exploitation could enable attackers to gain full administrative control over the routers, allowing them to modify network configurations, redirect traffic, install malicious firmware, or use the devices as entry points for further attacks within the network. The public availability of exploitation tools increases the likelihood of widespread compromise across affected deployments, particularly in residential and small business environments where firmware updates may be infrequent or neglected. This vulnerability directly maps to ATT&CK technique T1059.007 for Command and Scripting Interpreter and T1566.001 for Phishing, as compromised routers can be used for both command execution and network reconnaissance activities.

Organizations and individuals should immediately implement mitigation strategies including disabling unnecessary services, applying firmware updates if available, and implementing network segmentation to isolate affected devices. Network administrators should monitor for unusual traffic patterns and consider deploying intrusion detection systems to identify exploitation attempts. The lack of vendor response to early disclosure attempts underscores the importance of proactive security measures and highlights the risks associated with unsupported legacy firmware versions. Regular firmware update procedures and vulnerability scanning should be implemented as part of comprehensive network security protocols to prevent similar issues from compromising network infrastructure. The vulnerability demonstrates the critical need for proper input validation and memory management practices in embedded systems and web applications.
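One way to turn the monitoring advice above into a concrete check, as an added example that is not part of the original advisory or any vendor code: flag requests to /goform/WPSSTAPINEnr whose decoded ssid value is longer than the 32 octets IEEE 802.11 allows for an SSID. It assumes the parameter arrives form-urlencoded in the query string or body; the sample requests, the `pin` field and the `/goform/other` path are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/goform/WPSSTAPINEnr"  # endpoint named in the advisory
MAX_SSID_OCTETS = 32                  # IEEE 802.11 caps an SSID at 32 octets


def ssid_values(raw_request: bytes):
    """Yield each decoded ssid value (as bytes) sent to TARGET_PATH."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(request_line) < 2:
        return
    url = urlsplit(request_line[1])
    if unquote(url.path) != TARGET_PATH:
        return
    # Assumption: ssid arrives form-urlencoded, in the query string or the body.
    for source in (url.query, body.decode("latin-1")):
        for name, value in parse_qsl(source, keep_blank_values=True,
                                     encoding="latin-1"):
            if name == "ssid":
                yield value.encode("latin-1")  # latin-1 keeps one char per octet


def oversized_ssids(raw_request: bytes):
    """Return the octet length of every ssid value longer than an SSID can be."""
    return [len(v) for v in ssid_values(raw_request) if len(v) > MAX_SSID_OCTETS]


def _post(path: str, body: str) -> bytes:
    """Build a constructed sample request (192.0.2.1 is a documentation address)."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed sample traffic, not captured from a real device; the "pin" field
# and the "/goform/other" path are made up for the example.
SAMPLES = {
    "benign": _post(TARGET_PATH, "ssid=HomeNet&pin=0000"),
    "oversized_body": _post(TARGET_PATH, "ssid=" + "A" * 200),
    "encoded_but_short": _post(TARGET_PATH, "ssid=" + "%41" * 20),
    "oversized_query": _post(TARGET_PATH + "?ssid=" + "%41" * 40, ""),
    "other_endpoint": _post("/goform/other", "ssid=" + "A" * 200),
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label:18} -> {oversized_ssids(request) or 'ok'}")
```

The length is measured after percent-decoding, so a value that looks long on the wire but decodes to a valid SSID length is not flagged, and an encoded oversized value is.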

Responsible: VulDB
Disclosure: 08/20/2025
Moderation: accepted
CPE: ready
Exploit: Download
EPSS: 0.00866
KEV: no
Activities: very low
