Linksys RE Series CVE-2025-9482 Stack Buffer Overflow: Brief Summary and Technical Review

This post provides a brief summary and technical review of CVE-2025-9482, a stack-based buffer overflow in Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 range extenders. The vulnerability affects specific firmware versions and allows remote exploitation via the /goform/portRangeForwardAdd endpoint. No official patch or detection method is available at this time.

ZeroPath CVE Analysis

2025-08-26

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

Introduction

Remote attackers can gain code execution on Linksys RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 wireless range extenders by exploiting a stack-based buffer overflow in the portRangeForwardAdd function. This vulnerability affects widely deployed consumer and SMB networking devices, with public exploit code available and no vendor patch or official remediation guidance.

Technical Information

CVE-2025-9482 is a stack-based buffer overflow vulnerability in the portRangeForwardAdd function of Linksys RE series range extenders. The flaw is triggered when an attacker sends an HTTP POST request to the /goform/portRangeForwardAdd endpoint with oversized values in any of the following parameters:

  • ruleName
  • schedule
  • inboundFilter
  • TCPPorts
  • UDPPorts

The vulnerable function copies these parameters into fixed-size stack-allocated buffers without proper bounds checking. This allows an attacker to overwrite adjacent stack memory, including the saved return address, leading to potential remote code execution. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-121 (Stack-based Buffer Overflow).

Multiple related vulnerabilities have been reported in the same product line and firmware versions, targeting other /goform/ endpoints such as scheduleAdd, qosClassifier, inboundFilterAdd, langSwitchByBBS, and addStaProfile. Each of these vulnerabilities involves similar unsafe string handling and lack of input validation, indicating a systemic issue in the firmware codebase.

No official patch, detection method, or vendor advisory is available as of this writing. Public exploit code for similar vulnerabilities is available, significantly increasing the risk of exploitation.
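The following is an added example, not part of the original analysis and not vendor code: a length check a defender could run over captured or proxied HTTP requests to flag POSTs to /goform/portRangeForwardAdd that carry an oversized value in any of the five parameters listed above. The 64-byte limit, the function name and the sample requests are assumptions, since the page does not state the buffer sizes.

```python
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/portRangeForwardAdd"
PARAMS = ("ruleName", "schedule", "inboundFilter", "TCPPorts", "UDPPorts")
# Assumption: the page gives no buffer sizes, so 64 bytes is a placeholder.
# Tune it to the longest value legitimate use of the admin UI produces.
MAX_VALUE_LEN = 64


def oversized_params(method, target, body, limit=MAX_VALUE_LEN):
    """Return the sorted names of the listed parameters whose URL-decoded
    value is longer than `limit` bytes; an empty list means nothing flagged."""
    if method.upper() != "POST":
        return []
    # Ignore any query string and a trailing slash when matching the endpoint.
    if urlsplit(target).path.rstrip("/") != ENDPOINT:
        return []
    # latin-1 maps each byte to exactly one code point, so len() counts the
    # bytes the device would receive, including percent-encoded ones.
    pairs = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    hits = {name for name, value in pairs
            if name in PARAMS and len(value) > limit}
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample requests (method, target, body), not captured traffic.
    samples = [
        ("POST", ENDPOINT,
         b"ruleName=web&schedule=Always&inboundFilter=Allow_All"
         b"&TCPPorts=80&UDPPorts="),
        ("POST", ENDPOINT, b"ruleName=" + b"A" * 200 + b"&TCPPorts=80"),
        ("POST", ENDPOINT, b"schedule=" + b"%41" * 100),
    ]
    for method, target, body in samples:
        flagged = oversized_params(method, target, body)
        print(method, target, len(body), "bytes ->", flagged or "ok")
```
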

Affected Systems and Versions

The following Linksys RE series range extenders and firmware versions are affected:

  • Linksys RE6250 (firmware 1.0.013.001)
  • Linksys RE6300 (firmware 1.0.04.001)
  • Linksys RE6350 (firmware 1.0.04.002)
  • Linksys RE6500 (firmware 1.1.05.003)
  • Linksys RE7000 (firmware 1.2.07.001)
  • Linksys RE9000 (firmware 1.2.07.001)

All configurations exposing the /goform/portRangeForwardAdd endpoint are vulnerable.

Vendor Security History

Linksys has a documented pattern of stack-based buffer overflow vulnerabilities in the RE series product line, with multiple CVEs reported in 2025 affecting similar endpoints and parameters. The vendor has not responded to coordinated disclosure attempts and has not issued timely patches or advisories for these flaws. This raises concerns about the maturity of Linksys's vulnerability management and secure development lifecycle for embedded products.
