CVE-2025-8824
BaseFortify
Publication date: 2025-08-11
Last updated on: 2025-09-04
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linksys | re6250_firmware | 1.0.04.001 |
| linksys | re6250 | * |
| linksys | re6300_firmware | 1.2.07.001 |
| linksys | re6300 | * |
| linksys | re6350_firmware | 1.0.04.001 |
| linksys | re6350 | * |
| linksys | re7000_firmware | 1.1.05.003 |
| linksys | re7000 | * |
| linksys | re9000_firmware | 1.0.04.002 |
| linksys | re9000 | * |
| linksys | re6500_firmware | 1.0.013.001 |
| linksys | re6500 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include isolating or disconnecting affected Linksys devices (RE6250, RE6300, RE6350, RE6500, RE7000, RE9000 with firmware up to 20250801) from the network to prevent remote exploitation, as no patches or vendor mitigations are available. It is recommended to replace these vulnerable devices with alternative products that are not affected by this vulnerability. Additionally, monitoring network traffic for exploit attempts and applying network-level protections such as firewall rules to block access to the /goform/setRIP endpoint can help reduce risk. [2]
Can you explain this vulnerability to me?
CVE-2025-8824 is a stack-based buffer overflow vulnerability found in multiple Linksys range extender models (RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000) up to firmware version 20250801. The flaw exists in the setRIP function within the /goform/setRIP file, where the parameters RIPmode and RIPpasswd can be manipulated by an attacker with crafted input that exceeds expected lengths. This causes a stack overflow, which can be exploited remotely without authentication to crash the device or potentially execute arbitrary code. [1, 2]
How can this vulnerability impact me? :
This vulnerability can compromise the confidentiality, integrity, and availability of the affected Linksys devices. An attacker can remotely exploit the stack-based buffer overflow to crash the device or execute arbitrary code, potentially gaining control over the device. Since no authentication is required, the attack is highly accessible. There are no known patches or mitigations, so affected devices remain at risk until replaced or otherwise secured. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for suspicious HTTP requests targeting the /goform/setRIP endpoint with unusually long or malformed parameters RIPmode or RIPpasswd, which may indicate attempts to exploit the stack-based buffer overflow. Since the exploit is publicly available and remotely exploitable without authentication, inspecting logs or using intrusion detection systems (IDS) to flag such requests is recommended. Specific commands could include using curl or wget to test the endpoint with crafted inputs, or using network monitoring tools like tcpdump or Wireshark to capture and analyze traffic to the vulnerable devices. For example, a command to test the endpoint might be: curl -X POST http://<device-ip>/goform/setRIP -d "RIPmode=AAAA...&RIPpasswd=BBBB..." with long strings to see if the device crashes or behaves abnormally. [1, 2]