CVE-2025-6751

Name of the Vulnerable Software and Affected Versions: Linksys E8450 versions up to 1.2.00.360516

Description: A critical vulnerability was found in the Linksys E8450, affecting the set device language function of the portal.cgi file in the HTTP POST Request Handler component. The manipulation of the dut language argument leads to a buffer overflow. This issue can be exploited remotely. The exploit has been publicly disclosed.

Recommendations: For Linksys E8450 versions up to 1.2.00.360516, as a temporary workaround, consider disabling the set device language function until a patch is available. Restrict access to the portal.cgi file to minimize the risk of exploitation. Avoid using the dut language argument in the affected HTTP POST Request Handler until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.