Volerion logoVolerion
Volerion logoVolerion

Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 Stack-Based Buffer Overflow Vulnerability

Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 routers with firmware released prior to August 1, 2025. The vulnerability arises in the 'langSwitchBack' function of the '/goform/langSwitchBack' file, where the 'langSelectionOnly' argument is not properly validated. This oversight allows remote attackers to send overly long data, causing a stack overflow that could be exploited to execute arbitrary code. The issue has been publicly disclosed, and an exploit is available.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by sending a POST request to '/goform/langSwitchBack' with a 'langSelectionOnly' parameter containing a payload that exceeds the buffer's capacity. This causes the router to crash, disrupting its normal service.

Added: Aug 11, 2025, 7:20 AM
Updated: Aug 11, 2025, 7:20 AM

Vulnerability Rating

Custom Algorithm
spread
4.5
impact
7.5
exploitability
9.1
remediation
7.7
relevance
0.3
threat
6.4
urgency
2.9
incentive
9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.