CVE-2025-9359 in RE6250info

Summary

by MITRE • 08/23/2025

A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. This manipulation of the argument ssidhex/pwd causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 09/03/2025

This vulnerability exists within multiple Linksys router models including the RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 firmware versions 1.0.013.001 through 1.2.07.001. The flaw is specifically located in the RP_checkCredentialsByBBS function within the /goform/RP_checkCredentialsByBBS file path, representing a critical security weakness that allows for remote code execution through stack-based buffer overflow exploitation. The vulnerability is triggered by manipulating the ssidhex/pwd arguments, which when improperly handled lead to memory corruption that can be leveraged by remote attackers to execute arbitrary code on affected devices. This represents a classic stack buffer overflow vulnerability that falls under CWE-121, which describes stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations including return addresses and function pointers.

The remote exploitation capability of this vulnerability presents significant operational risks for affected networks, as attackers can initiate attacks from outside the network perimeter without requiring physical access or local network credentials. The availability of public exploits for this vulnerability increases the likelihood of successful attacks against unpatched devices, making these routers particularly dangerous in environments where network security is paramount. The lack of vendor response to early disclosure attempts further compounds the risk, leaving users without official patches or mitigation guidance during an active exploitation period. This vulnerability aligns with ATT&CK technique T1210, which describes exploitation of remote services through buffer overflow attacks, and demonstrates the persistent threat that unpatched network infrastructure poses to enterprise security postures.

Organizations utilizing these affected Linksys router models should immediately implement network segmentation to isolate these devices from critical infrastructure, disable unnecessary remote management services, and deploy network monitoring solutions to detect potential exploitation attempts. The recommended mitigation strategy includes applying firmware updates from Linksys as soon as they become available, though the vendor's lack of response suggests that immediate network-level defensive measures are essential. Network administrators should also consider implementing intrusion detection systems that can identify suspicious traffic patterns associated with buffer overflow exploitation attempts, and establish monitoring protocols to detect unauthorized access attempts to the affected RP_checkCredentialsByBBS endpoint. Given the public availability of exploit code, the window for effective defense is limited, making immediate action critical for maintaining network security integrity.

Responsible

VulDB

Disclosure

08/23/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00900

KEV

no

Activities

low

Sources

Interested in the pricing of exploits?

See the underground prices here!