CVE-2025-9481 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 /goform/setIpv6 tunrd_Prefix stack-based overflow

A vulnerability marked as critical has been reported in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function setIpv6 of the file /goform/setIpv6. The manipulation of the argument tunrd_Prefix leads to stack-based buffer overflow.

This vulnerability is referenced as CVE-2025-9481. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9481 | Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 /goform/setIpv6 tunrd_Prefix stack-based overflow

Post correlati

CVE-2024-42240 | Linux Kernel up to 5.15.162/6.1.99/6.6.40/6.9.9 entry_SYSENTER_compat memory corruption

CVE-2016-15037 | go4rayyan Scumblr up to 2.0.1a Task cross site scripting

CVE-2024-0646 | Linux Kernel TLS /net/tls/tls_sw.c tls_sw_sendmsg_splice out-of-bounds write

CVE-2024-22125 | SAP GUI Connector for Microsoft Edge 1.0 unknown vulnerability