Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 routers, all running firmware released prior to August 1, 2025. The vulnerability resides in the 'wirelessBasic' function of the '/goform/wirelessBasic' file. It allows remote attackers to manipulate the 'submit_SSID1' argument, leading to a buffer overflow by overwriting the return address of the function. This exploitation can be used to execute arbitrary code. The issue has been publicly disclosed, and a proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service and functionality.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/wirelessBasic' with a crafted 'submit_SSID1' parameter that exceeds the buffer limit. This will trigger the stack-based buffer overflow by overwriting the return address, causing the router to crash.