Pjq123

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A command injection issue exists in the `cgi portforwarding add/cgi portforwarding del/cgi portforwarding modify/cgi portforwarding add scan/cgi dhcpd lease/cgi ddns/cgi ip/cgi dhcpd` function within the `/cgi-bin/network mgr.cgi` file. This manipulation allows for remote execution of commands. The exploit for this issue is publicly available. **Recommendations** D-Link DNS-120 versions prior to 20260205 D-Link DNR-202L versions prior to 20260205 D-Link DNS-315L versions prior to 20260205 D-Link DNS-320 versions prior to 20260205 D-Link DNS-320L versions prior to 20260205 D-Link DNS-320LW versions prior to 20260205 D-Link DNS-321 versions prior to 20260205 D-Link DNR-322L versions prior to 20260205 D-Link DNS-323 versions prior to 20260205 D-Link DNS-325 versions prior to 20260205 D-Link DNS-326 versions prior to 20260205 D-Link DNS-327L versions prior to 20260205 D-Link DNR-326 versions prior to 20260205 D-Link DNS-340L versions prior to 20260205 D-Link DNS-343 versions prior to 20260205 D-Link DNS-345 versions prior to 20260205 D-Link DNS-726-4 versions prior to 20260205 D-Link DNS-1100-4 versions prior to 20260205 D-Link DNS-1200-05 versions prior to 20260205 D-Link DNS-1550-04 versions prior to 20260205

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A command injection issue exists in D-Link devices. The issue is located in the `/cgi-bin/download mgr.cgi` file, specifically within the `RSS Get Update Status`, `RSS Update`, `RSS Channel AutoDownlaod`, `RSS Add`, `RSS Channel Item Downlaod`, `RSS History Item List`, and `RSS Item List` functions. Remote attackers can exploit this to inject commands. The exploit for this issue has been publicly released. **Recommendations** D-Link DNS-120: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-202L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-315L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-320LW: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-321: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-322L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-323: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-325: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-327L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNR-326: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-340L: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-343: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-345: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-726-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1100-4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1200-05: At the moment, there is no information about a newer version that contains a fix for this vulnerability. D-Link DNS-1550-04: Update to a version after 20260205.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A command injection issue exists in the `cgi recovery/cgi backup now/cgi set schedule/cgi set rsync server` function within the `/cgi-bin/remote backup.cgi` file. Remote attackers can manipulate this function to execute arbitrary commands. The exploit for this issue has been publicly disclosed. **Recommendations** D-Link DNS-120: Update to a version beyond 20260205. D-Link DNR-202L: Update to a version beyond 20260205. D-Link DNS-315L: Update to a version beyond 20260205. D-Link DNS-320: Update to a version beyond 20260205. D-Link DNS-320L: Update to a version beyond 20260205. D-Link DNS-320LW: Update to a version beyond 20260205. D-Link DNS-321: Update to a version beyond 20260205. D-Link DNR-322L: Update to a version beyond 20260205. D-Link DNS-323: Update to a version beyond 20260205. D-Link DNS-325: Update to a version beyond 20260205. D-Link DNS-326: Update to a version beyond 20260205. D-Link DNS-327L: Update to a version beyond 20260205. D-Link DNR-326: Update to a version beyond 20260205. D-Link DNS-340L: Update to a version beyond 20260205. D-Link DNS-343: Update to a version beyond 20260205. D-Link DNS-345: Update to a version beyond 20260205. D-Link DNS-726-4: Update to a version beyond 20260205. D-Link DNS-1100-4: Update to a version beyond 20260205. D-Link DNS-1200-05: Update to a version beyond 20260205. D-Link DNS-1550-04: Update to a version beyond 20260205.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A flaw exists due to improper access controls. This issue is related to the `cgi set wto` function within the `/cgi-bin/system mgr.cgi` file. Manipulation of this function can lead to unauthorized access. Remote exploitation is possible. **Recommendations** D-Link DNS-120 versions prior to 20260205 D-Link DNR-202L versions prior to 20260205 D-Link DNS-315L versions prior to 20260205 D-Link DNS-320 versions prior to 20260205 D-Link DNS-320L versions prior to 20260205 D-Link DNS-320LW versions prior to 20260205 D-Link DNS-321 versions prior to 20260205 D-Link DNR-322L versions prior to 20260205 D-Link DNS-323 versions prior to 20260205 D-Link DNS-325 versions prior to 20260205 D-Link DNS-326 versions prior to 20260205 D-Link DNS-327L versions prior to 20260205 D-Link DNR-326 versions prior to 20260205 D-Link DNS-340L versions prior to 20260205 D-Link DNS-343 versions prior to 20260205 D-Link DNS-345 versions prior to 20260205 D-Link DNS-726-4 versions prior to 20260205 D-Link DNS-1100-4 versions prior to 20260205 D-Link DNS-1200-05 versions prior to 20260205 D-Link DNS-1550-04 versions prior to 20260205 As a temporary workaround, consider restricting access to the `/cgi-bin/system mgr.cgi` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A flaw exists in D-Link devices that could allow for command injection. The issue affects an unknown function within the `/cgi-bin/wizard mgr.cgi` file. Successful exploitation can be performed remotely. **Recommendations** For D-Link DNS-120 versions prior to 20260205, update the firmware. For D-Link DNR-202L versions prior to 20260205, update the firmware. For D-Link DNS-315L versions prior to 20260205, update the firmware. For D-Link DNS-320 versions prior to 20260205, update the firmware. For D-Link DNS-320L versions prior to 20260205, update the firmware. For D-Link DNS-320LW versions prior to 20260205, update the firmware. For D-Link DNS-321 versions prior to 20260205, update the firmware. For D-Link DNR-322L versions prior to 20260205, update the firmware. For D-Link DNS-323 versions prior to 20260205, update the firmware. For D-Link DNS-325 versions prior to 20260205, update the firmware. For D-Link DNS-326 versions prior to 20260205, update the firmware. For D-Link DNS-327L versions prior to 20260205, update the firmware. For D-Link DNR-326 versions prior to 20260205, update the firmware. For D-Link DNS-340L versions prior to 20260205, update the firmware. For D-Link DNS-343 versions prior to 20260205, update the firmware. For D-Link DNS-345 versions prior to 20260205, update the firmware. For D-Link DNS-726-4 versions prior to 20260205, update the firmware. For D-Link DNS-1100-4 versions prior to 20260205, update the firmware. For D-Link DNS-1200-05 versions prior to 20260205, update the firmware. For D-Link DNS-1550-04 versions prior to 20260205, update the firmware.

**Name of the Vulnerable Software and Affected Versions** D-Link DNS-120 D-Link DNR-202L D-Link DNS-315L D-Link DNS-320 D-Link DNS-320L D-Link DNS-320LW D-Link DNS-321 D-Link DNR-322L D-Link DNS-323 D-Link DNS-325 D-Link DNS-326 D-Link DNS-327L D-Link DNR-326 D-Link DNS-340L D-Link DNS-343 D-Link DNS-345 D-Link DNS-726-4 D-Link DNS-1100-4 D-Link DNS-1200-05 D-Link DNS-1550-04 versions prior to 20260205 **Description** A flaw exists in the `UPnP AV Server Path Setting` function within the `/cgi-bin/app mgr.cgi` file of the listed D-Link devices. A manipulation of this function can lead to a stack-based buffer overflow, which can be triggered remotely. An exploit for this issue has been published and is available for use. **Recommendations** D-Link DNS-120: Update to a version later than 20260205. D-Link DNR-202L: Update to a version later than 20260205. D-Link DNS-315L: Update to a version later than 20260205. D-Link DNS-320: Update to a version later than 20260205. D-Link DNS-320L: Update to a version later than 20260205. D-Link DNS-320LW: Update to a version later than 20260205. D-Link DNS-321: Update to a version later than 20260205. D-Link DNR-322L: Update to a version later than 20260205. D-Link DNS-323: Update to a version later than 20260205. D-Link DNS-325: Update to a version later than 20260205. D-Link DNS-326: Update to a version later than 20260205. D-Link DNS-327L: Update to a version later than 20260205. D-Link DNR-326: Update to a version later than 20260205. D-Link DNS-340L: Update to a version later than 20260205. D-Link DNS-343: Update to a version later than 20260205. D-Link DNS-345: Update to a version later than 20260205. D-Link DNS-726-4: Update to a version later than 20260205. D-Link DNS-1100-4: Update to a version later than 20260205. D-Link DNS-1200-05: Update to a version later than 20260205. D-Link DNS-1550-04: Update to a version later than 20260205.

**Name of the Vulnerable Software and Affected Versions:** Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.0.04.002 and 1.1.05.003 and 1.2.07.001 **Description:** A stack-based buffer overflow vulnerability exists in the `addStaProfile` function within the `/goform/addStaProfile` file. Manipulation of the following arguments can trigger the overflow: `profile name`, `Ssid`, `wep key 1`, `wep key 2`, `wep key 3`, `wep key 4`, `wep key length`, `wep default key`, `cipher`, and `passphrase`. Remote exploitation is possible. A public exploit is available. **Recommendations:** Linksys RE6250 version 1.0.013.001 is affected. Linksys RE6250 version 1.0.04.001 is affected. Linksys RE6250 version 1.0.04.002 is affected. Linksys RE6300 version 1.0.013.001 is affected. Linksys RE6300 version 1.0.04.001 is affected. Linksys RE6300 version 1.0.04.002 is affected. Linksys RE6300 version 1.1.05.003 is affected. Linksys RE6300 version 1.2.07.001 is affected. Linksys RE6350 version 1.0.013.001 is affected. Linksys RE6350 version 1.0.04.001 is affected. Linksys RE6350 version 1.0.04.002 is affected. Linksys RE6350 version 1.1.05.003 is affected. Linksys RE6350 version 1.2.07.001 is affected. Linksys RE6500 version 1.0.013.001 is affected. Linksys RE6500 version 1.0.04.001 is affected. Linksys RE6500 version 1.0.04.002 is affected. Linksys RE6500 version 1.1.05.003 is affected. Linksys RE6500 version 1.2.07.001 is affected. Linksys RE7000 version 1.0.013.001 is affected. Linksys RE7000 version 1.0.04.001 is affected. Linksys RE7000 version 1.0.04.002 is affected. Linksys RE7000 version 1.1.05.003 is affected. Linksys RE7000 version 1.2.07.001 is affected. Linksys RE9000 version 1.0.013.001 is affected. Linksys RE9000 version 1.0.04.001 is affected. Linksys RE9000 version 1.0.04.002 is affected. Linksys RE9000 version 1.1.05.003 is affected. Linksys RE9000 version 1.2.07.001 is affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001 **Description:** A security vulnerability exists in the Linksys RE series of range extenders. Manipulation of the `dir`, `sFromPort`, `sToPort`, `dFromPort`, `dToPort`, `protocol`, `layer7`, `dscp`, and `remark dscp` arguments within the `qosClassifier` function of the `/goform/qosClassifier` file can lead to a stack-based buffer overflow. This issue can be exploited remotely. The exploit for this vulnerability has been publicly disclosed. **Recommendations:** Linksys RE6250 versions prior to 1.0.013.001 Linksys RE6300 versions prior to 1.0.013.001 Linksys RE6350 versions prior to 1.0.013.001 Linksys RE6500 versions prior to 1.0.013.001 Linksys RE7000 versions prior to 1.0.013.001 Linksys RE9000 versions prior to 1.0.013.001 Linksys RE6250 versions 1.0.013.001 through 1.0.04.001 Linksys RE6300 versions 1.0.013.001 through 1.0.04.001 Linksys RE6350 versions 1.0.013.001 through 1.0.04.001 Linksys RE6500 versions 1.0.013.001 through 1.0.04.001 Linksys RE7000 versions 1.0.013.001 through 1.0.04.001 Linksys RE9000 versions 1.0.013.001 through 1.0.04.001 Linksys RE6250 versions 1.0.04.001 through 1.0.04.002 Linksys RE6300 versions 1.0.04.001 through 1.0.04.002 Linksys RE6350 versions 1.0.04.001 through 1.0.04.002 Linksys RE6500 versions 1.0.04.001 through 1.0.04.002 Linksys RE7000 versions 1.0.04.001 through 1.0.04.002 Linksys RE9000 versions 1.0.04.001 through 1.0.04.002 Linksys RE6250 versions 1.0.04.002 through 1.1.05.003 Linksys RE6300 versions 1.0.04.002 through 1.1.05.003 Linksys RE6350 versions 1.0.04.002 through 1.1.05.003 Linksys RE6500 versions 1.0.04.002 through 1.1.05.003 Linksys RE7000 versions 1.0.04.002 through 1.1.05.003 Linksys RE9000 versions 1.0.04.002 through 1.1.05.003 Linksys RE6250 versions 1.1.05.003 through 1.2.07.001 Linksys RE6300 versions 1.1.05.003 through 1.2.07.001 Linksys RE6350 versions 1.1.05.003 through 1.2.07.001 Linksys RE6500 versions 1.1.05.003 through 1.2.07.001 Linksys RE7000 versions 1.1.05.003 through 1.2.07.001 Linksys RE9000 versions 1.1.05.003 through 1.2.07.001 At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linksys RE6250 version 1.0.013.001 Linksys RE6300 version 1.0.013.001 Linksys RE6350 version 1.0.013.001 Linksys RE6500 version 1.0.013.001 Linksys RE7000 version 1.0.013.001 Linksys RE9000 version 1.0.013.001 Linksys RE6250 version 1.0.04.001 Linksys RE6300 version 1.0.04.001 Linksys RE6350 version 1.0.04.001 Linksys RE6500 version 1.0.04.001 Linksys RE7000 version 1.0.04.001 Linksys RE9000 version 1.0.04.001 Linksys RE6250 version 1.0.04.002 Linksys RE6300 version 1.0.04.002 Linksys RE6350 version 1.0.04.002 Linksys RE6500 version 1.0.04.002 Linksys RE7000 version 1.0.04.002 Linksys RE9000 version 1.0.04.002 Linksys RE6250 version 1.1.05.003 Linksys RE6300 version 1.1.05.003 Linksys RE6350 version 1.1.05.003 Linksys RE6500 version 1.1.05.003 Linksys RE7000 version 1.1.05.003 Linksys RE9000 version 1.1.05.003 Linksys RE6250 version 1.2.07.001 Linksys RE6300 version 1.2.07.001 Linksys RE6350 version 1.2.07.001 Linksys RE6500 version 1.2.07.001 Linksys RE7000 version 1.2.07.001 Linksys RE9000 version 1.2.07.001 Description: A stack-based buffer overflow issue exists in the `portTriggerManageRule` function within the file `/goform/portTriggerManageRule`. Manipulation of the `triggerRuleName` and `schedule` arguments can trigger the overflow. Remote exploitation is possible. The exploit has been publicly disclosed. Recommendations: Linksys RE6250 versions prior to 1.0.013.001 Linksys RE6300 versions prior to 1.0.013.001 Linksys RE6350 versions prior to 1.0.013.001 Linksys RE6500 versions prior to 1.0.013.001 Linksys RE7000 versions prior to 1.0.013.001 Linksys RE9000 versions prior to 1.0.013.001 Linksys RE6250 versions prior to 1.0.04.001 Linksys RE6300 versions prior to 1.0.04.001 Linksys RE6350 versions prior to 1.0.04.001 Linksys RE6500 versions prior to 1.0.04.001 Linksys RE7000 versions prior to 1.0.04.001 Linksys RE9000 versions prior to 1.0.04.001 Linksys RE6250 versions prior to 1.0.04.002 Linksys RE6300 versions prior to 1.0.04.002 Linksys RE6350 versions prior to 1.0.04.002 Linksys RE6500 versions prior to 1.0.04.002 Linksys RE7000 versions prior to 1.0.04.002 Linksys RE9000 versions prior to 1.0.04.002 Linksys RE6250 versions prior to 1.1.05.003 Linksys RE6300 versions prior to 1.1.05.003 Linksys RE6350 versions prior to 1.1.05.003 Linksys RE6500 versions prior to 1.1.05.003 Linksys RE7000 versions prior to 1.1.05.003 Linksys RE9000 versions prior to 1.1.05.003 Linksys RE6250 versions prior to 1.2.07.001 Linksys RE6300 versions prior to 1.2.07.001 Linksys RE6350 versions prior to 1.2.07.001 Linksys RE6500 versions prior to 1.2.07.001 Linksys RE7000 versions prior to 1.2.07.001 Linksys RE9000 versions prior to 1.2.07.001

**Name of the Vulnerable Software and Affected Versions:** Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001 **Description:** A security vulnerability exists in certain Linksys Wi-Fi range extenders due to a stack-based buffer overflow in the `accessControlAdd` function located in the `/goform/accessControlAdd` file. Manipulation of the `ruleName` and `schedule` arguments can trigger this overflow, allowing for remote attacks. The exploit for this issue has been publicly disclosed. **Recommendations:** For Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001, restrict access to the `/goform/accessControlAdd` file and avoid using the `ruleName` and `schedule` parameters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 versions 1.0.013.001 through 1.2.07.001 Description: A stack-based buffer overflow exists in the `ipRangeBlockManageRule` function of the `/goform/ipRangeBlockManageRule` file. Manipulation of the `ipRangeBlockRuleName`, `scheduleIp`, or `ipRangeBlockRuleIpAddr` arguments can trigger the overflow. This issue is remotely exploitable. Recommendations: Linksys RE6250 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6250 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.0.013.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.0.04.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.0.04.002: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.1.05.003: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000. The issue is due to os command injection in the `sub 3517C` function of the `/goform/setWan` file, triggered by manipulation of the `Hostname` argument. The attack can be launched remotely. The exploit has been publicly disclosed. Recommendations: Versions up to 20250801: As a temporary workaround, consider restricting access to the `/goform/setWan` file to minimize the risk of exploitation. Versions up to 20250801: Avoid using the `Hostname` argument in the affected file `/goform/setWan` until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions:** Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 **Description:** A vulnerability exists in Linksys range extenders that allows for remote attacks. The issue is a stack-based buffer overflow in the `remoteManagement` function of the `/goform/remoteManagement` file. Manipulation of the `portNumber` argument triggers the overflow. The exploit for this vulnerability has been publicly disclosed. **Recommendations:** Linksys RE6250 versions prior to 20250801 Linksys RE6300 versions prior to 20250801 Linksys RE6350 versions prior to 20250801 Linksys RE6500 versions prior to 20250801 Linksys RE7000 versions prior to 20250801 Linksys RE9000 versions prior to 20250801

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote OS command injection. The issue is located in the `um red` function within the `/goform/RP setBasicAuto` file. Manipulation of the `hname` argument can lead to unauthorized command execution. The exploit has been publicly disclosed. Recommendations: Versions up to 20250801: As a temporary workaround, consider restricting access to the `/goform/RP setBasicAuto` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions:** Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 versions up to 20250801 **Description:** A vulnerability exists in the `setRIP` function of the `/goform/setRIP` file. Manipulation of the `RIPmode` and `RIPpasswd` arguments leads to a stack-based buffer overflow, potentially allowing remote attackers to compromise the devices. The exploit has been publicly disclosed and may be actively exploited. The vendor was notified but did not respond. **Recommendations:** Linksys RE6250 versions prior to 20250801 Linksys RE6300 versions prior to 20250801 Linksys RE6350 versions prior to 20250801 Linksys RE6500 versions prior to 20250801 Linksys RE7000 versions prior to 20250801 Linksys RE9000 versions prior to 20250801 At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders due to a flaw in the `um inspect cross band` function within the `/goform/RP setBasicAuto` file. Manipulation of the `staticGateway` argument can lead to operating system command injection. The attack can be initiated remotely. The exploit has been publicly disclosed. Recommendations: Versions up to 20250801: As a temporary workaround, consider restricting access to the `/goform/RP setBasicAuto` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in the `ipv6cmd` function of the `/goform/setIpv6` file. Manipulation of the following arguments leads to OS command injection: `Ipv6PriDns`, `Ipv6SecDns`, `Ipv6StaticGateway`, `LanIpv6Addr`, `LanPrefixLen`, `pppoeUser`, `pppoePass`, `pppoeIdleTime`, `pppoeRedialPeriod`, `Ipv6in4 PrefixLen`, `LocalIpv6`, `RemoteIpv4`, `LanIPv6 Prefix`, `LanPrefixLen`, `ipv6to4Relay`, `ipv6rdRelay`, `tunrd PrefixLen`, `wan UseLinkLocal`, `Ipv6StaticIp`, and `Ipv6PrefixLen`. The attack can be launched remotely. The exploit has been publicly disclosed. Recommendations: Linksys RE6250 versions prior to 20250801 Linksys RE6300 versions prior to 20250801 Linksys RE6350 versions prior to 20250801 Linksys RE6500 versions prior to 20250801 Linksys RE7000 versions prior to 20250801 Linksys RE9000 versions prior to 20250801

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists due to os command injection. The `RP setBasicAuto` function within the `/goform/RP setBasicAuto` file is affected. Manipulation of the `staticIp/staticNetmask` argument allows for remote execution of operating system commands. The exploit has been publicly disclosed. Recommendations: Linksys RE6250 versions prior to 20250801 Linksys RE6300 versions prior to 20250801 Linksys RE6350 versions prior to 20250801 Linksys RE6500 versions prior to 20250801 Linksys RE7000 versions prior to 20250801 Linksys RE9000 versions prior to 20250801 As a temporary workaround, consider restricting access to the `/goform/RP setBasicAuto` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders. The issue affects the `setDMZ` function within the `/goform/setDMZ` file. Manipulation of the `DMZIPAddress` argument can lead to a stack-based buffer overflow. This attack can be initiated remotely. The exploit for this issue has been publicly disclosed. The vendor was informed of the disclosure but did not respond. Recommendations: Linksys RE6250 versions prior to 20250801 Linksys RE6300 versions prior to 20250801 Linksys RE6350 versions prior to 20250801 Linksys RE6500 versions prior to 20250801 Linksys RE7000 versions prior to 20250801 Linksys RE9000 versions prior to 20250801 As a temporary workaround, consider restricting access to the `/goform/setDMZ` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions:** Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 versions up to 20250801 **Description:** A stack-based buffer overflow vulnerability exists in the `um rp autochannel` function within the `/goform/RP setBasicAuto` file of affected Linksys devices. Manipulation of the `apcli AuthMode 2G` and `apcli AuthMode 5G` arguments can trigger the overflow. This vulnerability allows for remote code execution. The exploit for this issue has been publicly disclosed, and the vendor has not responded to reports regarding this vulnerability. **Recommendations:** Linksys RE6250 versions prior to 20250801 Linksys RE6300 versions prior to 20250801 Linksys RE6350 versions prior to 20250801 Linksys RE6500 versions prior to 20250801 Linksys RE7000 versions prior to 20250801 Linksys RE9000 versions prior to 20250801 At the moment, there is no information about a newer version that contains a fix for this vulnerability.