PT-2025-34860 · Linksys · Linksys E1700

Bond_Yes

Published

2025-08-27

Updated

2025-08-27

CVE-2025-9525

Report an issue

CVSS v2.0

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:

Linksys E1700 version 1.0.0.4.003

Description:

A stack-based buffer overflow exists in the `setWan` function of the `/goform/setWan` file. Manipulation of the `DeviceName/lanIp` argument causes the overflow, allowing for potential remote code execution.

Recommendations:

Update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the `setWan` function until a patch is available.

Exploit

Fix

Buffer Overflow

Stack Overflow

Weakness Enumeration

CWE-119CWE-121

Related Identifiers

CVE-2025-9525

Affected Products

Linksys E1700

PT-2025-34860 · Linksys · Linksys E1700

Weakness Enumeration

Related Identifiers

Affected Products

References · 13