CVE-2025-9392

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001

Description: A security vulnerability exists in the Linksys RE series of range extenders. Manipulation of the dir, sFromPort, sToPort, dFromPort, dToPort, protocol, layer7, dscp, and remark dscp arguments within the qosClassifier function of the /goform/qosClassifier file can lead to a stack-based buffer overflow. This issue can be exploited remotely. The exploit for this vulnerability has been publicly disclosed.

Recommendations: Linksys RE6250 versions prior to 1.0.013.001 Linksys RE6300 versions prior to 1.0.013.001 Linksys RE6350 versions prior to 1.0.013.001 Linksys RE6500 versions prior to 1.0.013.001 Linksys RE7000 versions prior to 1.0.013.001 Linksys RE9000 versions prior to 1.0.013.001 Linksys RE6250 versions 1.0.013.001 through 1.0.04.001 Linksys RE6300 versions 1.0.013.001 through 1.0.04.001 Linksys RE6350 versions 1.0.013.001 through 1.0.04.001 Linksys RE6500 versions 1.0.013.001 through 1.0.04.001 Linksys RE7000 versions 1.0.013.001 through 1.0.04.001 Linksys RE9000 versions 1.0.013.001 through 1.0.04.001 Linksys RE6250 versions 1.0.04.001 through 1.0.04.002 Linksys RE6300 versions 1.0.04.001 through 1.0.04.002 Linksys RE6350 versions 1.0.04.001 through 1.0.04.002 Linksys RE6500 versions 1.0.04.001 through 1.0.04.002 Linksys RE7000 versions 1.0.04.001 through 1.0.04.002 Linksys RE9000 versions 1.0.04.001 through 1.0.04.002 Linksys RE6250 versions 1.0.04.002 through 1.1.05.003 Linksys RE6300 versions 1.0.04.002 through 1.1.05.003 Linksys RE6350 versions 1.0.04.002 through 1.1.05.003 Linksys RE6500 versions 1.0.04.002 through 1.1.05.003 Linksys RE7000 versions 1.0.04.002 through 1.1.05.003 Linksys RE9000 versions 1.0.04.002 through 1.1.05.003 Linksys RE6250 versions 1.1.05.003 through 1.2.07.001 Linksys RE6300 versions 1.1.05.003 through 1.2.07.001 Linksys RE6350 versions 1.1.05.003 through 1.2.07.001 Linksys RE6500 versions 1.1.05.003 through 1.2.07.001 Linksys RE7000 versions 1.1.05.003 through 1.2.07.001 Linksys RE9000 versions 1.1.05.003 through 1.2.07.001 At the moment, there is no information about a newer version that contains a fix for this vulnerability.