RE7000

CVEs (15)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-8829	Linksys Re6250 Firmware	Med	0.41	6.3	0.01	Aug 11, 2025	A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8825	Linksys Re6250 Firmware	Med	0.41	6.3	0.01	Aug 11, 2025	A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8823	Linksys Re6250 Firmware	Med	0.41	6.3	0.01	Aug 11, 2025	A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8821	Linksys Re6250 Firmware	Med	0.41	6.3	0.01	Aug 11, 2025	A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5446	Linksys RE6500		0.01	—	0.06	Jun 2, 2025	A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5441	Linksys RE6500		0.01	—	0.06	Jun 2, 2025	A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-14135	Linksys RE7000		0.00	—	0.00	Dec 6, 2025	A vulnerability was identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function AP_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-60696	Linksys RE7000		0.00	—	0.00	Nov 13, 2025	A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s ... %18s ..."), storing results into buffers v6 (12 bytes) and v7 (20 bytes). Since the format specifiers allow up to 16 and 18 bytes respectively, oversized input can overflow the buffers, resulting in stack corruption. Local attackers controlling /proc/net/arp contents can exploit this issue to cause denial of service or potentially execute arbitrary code.
CVE-2025-9482	Linksys RE6500		0.00	—	0.01	Aug 26, 2025	A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function portRangeForwardAdd of the file /goform/portRangeForwardAdd. The manipulation of the argument ruleName/schedule/inboundFilter/TCPPorts/UDPPorts results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9392	Linksys RE6500		0.00	—	0.00	Aug 24, 2025	A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9362	Linksys RE6500		0.00	—	0.00	Aug 23, 2025	A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9360	Linksys RE6500		0.00	—	0.01	Aug 23, 2025	A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function accessControlAdd of the file /goform/accessControlAdd. Such manipulation of the argument ruleName/schedule leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8832	Linksys RE7000		0.00	—	0.00	Aug 11, 2025	A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8820	Linksys RE6500		0.00	—	0.00	Aug 10, 2025	A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5439	Linksys RE6500		0.00	—	0.05	Jun 2, 2025	A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-8829MedAug 11, 2025
Linksys
Re6250 Firmware
risk 0.41cvss 6.3epss 0.01
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8825MedAug 11, 2025
Linksys
Re6250 Firmware
risk 0.41cvss 6.3epss 0.01
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8823MedAug 11, 2025
Linksys
Re6250 Firmware
risk 0.41cvss 6.3epss 0.01
A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8821MedAug 11, 2025
Linksys
Re6250 Firmware
risk 0.41cvss 6.3epss 0.01
A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5446Jun 2, 2025
Linksys
RE6500
risk 0.01cvss —epss 0.06
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file /goform/RP_checkCredentialsByBBS. The manipulation of the argument pwd leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5441Jun 2, 2025
Linksys
RE6500
risk 0.01cvss —epss 0.06
A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The manipulation of the argument DeviceURL leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-14135Dec 6, 2025
Linksys
RE7000
risk 0.00cvss —epss 0.00
A vulnerability was identified in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function AP_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-60696Nov 13, 2025
Linksys
RE7000
risk 0.00cvss —epss 0.00
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s ... %18s ..."), storing results into buffers v6 (12 bytes) and v7 (20 bytes). Since the format specifiers allow up to 16 and 18 bytes respectively, oversized input can overflow the buffers, resulting in stack corruption. Local attackers controlling /proc/net/arp contents can exploit this issue to cause denial of service or potentially execute arbitrary code.
CVE-2025-9482Aug 26, 2025
Linksys
RE6500
risk 0.00cvss —epss 0.01
A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This impacts the function portRangeForwardAdd of the file /goform/portRangeForwardAdd. The manipulation of the argument ruleName/schedule/inboundFilter/TCPPorts/UDPPorts results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9392Aug 24, 2025
Linksys
RE6500
risk 0.00cvss —epss 0.00
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9362Aug 23, 2025
Linksys
RE6500
risk 0.00cvss —epss 0.00
A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. The impacted element is the function urlFilterManageRule of the file /goform/urlFilterManageRule. Executing manipulation of the argument urlFilterRuleName/scheduleUrl/addURLFilter can lead to stack-based buffer overflow. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9360Aug 23, 2025
Linksys
RE6500
risk 0.00cvss —epss 0.01
A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function accessControlAdd of the file /goform/accessControlAdd. Such manipulation of the argument ruleName/schedule leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8832Aug 11, 2025
Linksys
RE7000
risk 0.00cvss —epss 0.00
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8820Aug 10, 2025
Linksys
RE6500
risk 0.00cvss —epss 0.00
A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5439Jun 2, 2025
Linksys
RE6500
risk 0.00cvss —epss 0.05
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the argument uid/accessToken leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.