CVE-2025-8826

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 versions up to 20250801

Description: A stack-based buffer overflow vulnerability exists in the um rp autochannel function within the /goform/RP setBasicAuto file of affected Linksys devices. Manipulation of the apcli AuthMode 2G and apcli AuthMode 5G arguments can trigger the overflow. This vulnerability allows for remote code execution. The exploit for this issue has been publicly disclosed, and the vendor has not responded to reports regarding this vulnerability.

Recommendations: Linksys RE6250 versions prior to 20250801 Linksys RE6300 versions prior to 20250801 Linksys RE6350 versions prior to 20250801 Linksys RE6500 versions prior to 20250801 Linksys RE7000 versions prior to 20250801 Linksys RE9000 versions prior to 20250801 At the moment, there is no information about a newer version that contains a fix for this vulnerability.