CVE-2025-9253

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001

Description: A security vulnerability exists in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 devices. The RP doSpecifySiteSurvey function within the /goform/RP doSpecifySiteSurvey file is susceptible to a stack-based buffer overflow. This occurs through the manipulation of the ssidhex argument. The attack can be initiated remotely, and a public exploit is available. The vendor was informed of this disclosure but did not respond.

Recommendations: Linksys RE6250 version 1.0.013.001 through version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6300 version 1.0.013.001 through version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6350 version 1.0.013.001 through version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE6500 version 1.0.013.001 through version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE7000 version 1.0.013.001 through version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Linksys RE9000 version 1.0.013.001 through version 1.2.07.001: At the moment, there is no information about a newer version that contains a fix for this vulnerability.