Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 routers, all running firmware released prior to August 1, 2025. The vulnerability resides in the 'algDisable' function within the '/goform/setOpMode' file. It allows remote attackers to manipulate the 'opMode' argument, leading to a buffer overflow condition. This exploitation can be used to execute arbitrary code on the device.

Impact

Exploitation of this vulnerability causes the router to crash, disrupting its normal service operations and rendering it unable to function correctly.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/setOpMode' with a crafted 'opMode' value that exceeds the buffer limit. This will trigger the stack-based overflow when the 'opMode' data is processed by the 'algDisable' function. The overflow can be exploited to execute arbitrary code, but in the reported case, it simply crashes the router.