CVE-2025-9360

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001

Description: A security vulnerability exists in certain Linksys Wi-Fi range extenders due to a stack-based buffer overflow in the accessControlAdd function located in the /goform/accessControlAdd file. Manipulation of the ruleName and schedule arguments can trigger this overflow, allowing for remote attacks. The exploit for this issue has been publicly disclosed.

Recommendations: For Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001, restrict access to the /goform/accessControlAdd file and avoid using the ruleName and schedule parameters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.