Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 Stack-Based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 routers, all running specific firmware versions. The vulnerability arises in the 'RP_pingGatewayByBBS' function, where the 'ssidhex' parameter is not properly validated, allowing remote attackers to send overly long data that overwrites the stack and potentially executes arbitrary code. This issue can lead to a denial-of-service condition, causing the router to crash and disrupt normal service.

Impact

Exploitation of this vulnerability causes the router to crash, leading to a persistent denial-of-service condition where the device cannot provide services correctly.

Reproduction

To reproduce this vulnerability, send a POST request to '/goform/RP_pingGatewayByBBS' with the 'ssidhex' parameter containing a long string. The router will crash, demonstrating the buffer overflow condition.