Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 routers with firmware released prior to August 1, 2025. The vulnerability resides in the 'setWan' function of the '/goform/setWan' file, where the 'staticIp' argument is manipulated, leading to a buffer overflow condition. This vulnerability can be exploited remotely, allowing attackers to crash the router or potentially execute arbitrary code.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and functionality.

Reproduction

To reproduce this vulnerability, first send a POST request to '/goform/setWan' with a crafted 'staticIp' value that exceeds the buffer limit. This will trigger the buffer overflow by overwriting the return address on the stack. After the overflow is triggered, the router will crash and fail to provide services correctly.