Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 routers, all running firmware released prior to August 1, 2025. The vulnerability arises in the 'setOpMode' function of the '/goform/setOpMode' file, where the 'ethConv' argument is manipulated, leading to a buffer overflow condition. This flaw allows remote attackers to crash the router or potentially execute arbitrary code by overwriting the return address of a function on the stack.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and availability.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/setOpMode' with a crafted 'ethConv' parameter that is excessively long. This will trigger the buffer overflow by overwriting the stack. Following this, send a POST request to '/goform/setWan' to complete the exploitation process, which will result in the router crashing and failing to provide services correctly.