CVE-2025-14136
BaseFortify
Publication date: 2025-12-06
Last updated on: 2025-12-10
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linksys | re6500_firmware | 1.0.013.001 |
| linksys | re6500 | * |
| linksys | re6250_firmware | 1.0.04.001 |
| linksys | re6250 | * |
| linksys | re6300_firmware | 1.2.07.001 |
| linksys | re6300 | * |
| linksys | re6350_firmware | 1.0.04.001 |
| linksys | re6350 | * |
| linksys | re7000_firmware | 1.1.05.003 |
| linksys | re7000 | * |
| linksys | re9000_firmware | 1.0.04.002 |
| linksys | re9000 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in certain Linksys repeater models (RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000) in specific firmware versions. It occurs in the function RE2000v2Repeater_get_wired_clientlist_setClientsName within the mod_form.so file when the argument clientsname_0 is manipulated. This flaw can be exploited remotely, allowing an attacker to potentially execute arbitrary code or cause a denial of service.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to remote code execution or denial of service on affected devices. This means an attacker could take control of the device, disrupt its normal operation, or use it as a foothold to attack other parts of the network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability compromises the confidentiality, integrity, and availability of affected devices, which could lead to unauthorized access or data breaches. Such impacts may result in non-compliance with standards and regulations like GDPR and HIPAA that require protection of sensitive data and system integrity. However, no specific compliance implications or regulatory impacts are detailed in the provided resources. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or malformed requests targeting the parameter 'clientsname_0' in the affected Linksys range extenders' web interface. Since the exploit involves sending crafted input to the function RE2000v2Repeater_get_wired_clientlist_setClientsName, network intrusion detection systems (NIDS) can be configured to alert on suspicious HTTP requests containing excessively long or malformed 'clientsname_0' parameters. Specific commands are not provided in the resources, but using tools like Wireshark or tcpdump to capture HTTP traffic and searching for 'clientsname_0' in requests may help detect exploitation attempts. Additionally, scanning for the presence of vulnerable firmware versions on devices in the network can assist in identifying at-risk systems. [1, 2]
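The check described above, sketched as an added example that is not part of the original page or any vendor tooling: it parses a captured HTTP request and flags a `clientsname_0` value that is oversized or contains control bytes. The 64-byte limit, the form-encoded transport, the placeholder request path and the 192.0.2.10 documentation address are assumptions, and the sample requests are constructed.

```python
from urllib.parse import parse_qsl, urlsplit

PARAM = "clientsname_0"   # parameter named in the advisory text
MAX_LEN = 64              # assumption: set above the longest legitimate client name on your network

def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP/1.x request captured from the wire."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return ["unparseable request line"]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # latin-1 maps one byte to one character, so len() below counts decoded bytes.
    pairs = parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True, encoding="latin-1")
    if headers.get("content-type", "").lower().startswith("application/x-www-form-urlencoded"):
        pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True, encoding="latin-1")
    findings = []
    for name, value in pairs:
        if name != PARAM:
            continue
        if len(value) > MAX_LEN:
            findings.append(f"{PARAM}: {len(value)} bytes exceeds limit of {MAX_LEN}")
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
            findings.append(f"{PARAM}: control bytes in value")
    return findings

def make_request(value: str) -> bytes:
    """Build a constructed sample request; the path is a placeholder, not the device's real endpoint."""
    body = f"{PARAM}={value}".encode("latin-1")
    return (b"POST /placeholder-endpoint HTTP/1.1\r\nHost: 192.0.2.10\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)

SAMPLES = {  # constructed inputs
    "normal": make_request("Living-Room-TV"),
    "oversized": make_request("A" * 300),
    "control": make_request("tv%00name"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inspect_request(raw))
```

Feed it requests reassembled from a tcpdump or Wireshark capture of traffic to the extender's web interface, and tune `MAX_LEN` against the client names actually in use.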
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the affected Linksys devices with alternative hardware, as no official patches or vendor mitigations are available. Since the vendor did not respond or provide fixes, and no known countermeasures exist, discontinuing use of the vulnerable firmware versions is recommended to avoid risk. Network administrators should also consider isolating or restricting access to these devices to limit exposure to remote attacks. [2]