CVE-2025-9393

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions 1.0.013.001 through 1.0.04.002 and 1.1.05.003 and 1.2.07.001

Description: A stack-based buffer overflow vulnerability exists in the addStaProfile function within the /goform/addStaProfile file. Manipulation of the following arguments can trigger the overflow: profile name, Ssid, wep key 1, wep key 2, wep key 3, wep key 4, wep key length, wep default key, cipher, and passphrase. Remote exploitation is possible. A public exploit is available.

Recommendations: Linksys RE6250 version 1.0.013.001 is affected. Linksys RE6250 version 1.0.04.001 is affected. Linksys RE6250 version 1.0.04.002 is affected. Linksys RE6300 version 1.0.013.001 is affected. Linksys RE6300 version 1.0.04.001 is affected. Linksys RE6300 version 1.0.04.002 is affected. Linksys RE6300 version 1.1.05.003 is affected. Linksys RE6300 version 1.2.07.001 is affected. Linksys RE6350 version 1.0.013.001 is affected. Linksys RE6350 version 1.0.04.001 is affected. Linksys RE6350 version 1.0.04.002 is affected. Linksys RE6350 version 1.1.05.003 is affected. Linksys RE6350 version 1.2.07.001 is affected. Linksys RE6500 version 1.0.013.001 is affected. Linksys RE6500 version 1.0.04.001 is affected. Linksys RE6500 version 1.0.04.002 is affected. Linksys RE6500 version 1.1.05.003 is affected. Linksys RE6500 version 1.2.07.001 is affected. Linksys RE7000 version 1.0.013.001 is affected. Linksys RE7000 version 1.0.04.001 is affected. Linksys RE7000 version 1.0.04.002 is affected. Linksys RE7000 version 1.1.05.003 is affected. Linksys RE7000 version 1.2.07.001 is affected. Linksys RE9000 version 1.0.013.001 is affected. Linksys RE9000 version 1.0.04.001 is affected. Linksys RE9000 version 1.0.04.002 is affected. Linksys RE9000 version 1.1.05.003 is affected. Linksys RE9000 version 1.2.07.001 is affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.