CVE-2025-9393 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 /goform/addStaProfile stack-based overflow

A vulnerability identified as critical has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase results in stack-based buffer overflow.

This vulnerability is known as CVE-2025-9393. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9393 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 /goform/addStaProfile stack-based overflow

Post correlati

CVE-2024-24860 | Linux Kernel up to 6.8-rc2 Bluetooth Device min_key_size_set/max_key_size_set race condition

CVE-2024-21096 | Oracle MySQL Server up to 8.0.36 Mysqldump improper authorization

CVE-2025-37832 | Linux Kernel up to 6.12.25/6.14.4/6.15-rc3 Cpufreq Driver nvmem_cell_read out-of-bounds

CVE-2024-35180 | ome omero-web up to 5.25.0 callback unknown vulnerability (GHSA-vr85-5pwx-c6gq)