Critical Stack Overflow Vulnerability Discovered in Linksys RE Series Wi-Fi Extenders (CVE-2025-14135)

Overview

A high-severity vulnerability, identified as CVE-2025-14135, has been discovered in several Linksys RE series Wi-Fi extenders. This vulnerability is a stack-based buffer overflow affecting the AP_get_wired_clientlist_setClientsName function within the mod_form.so file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected device.

Technical Details

The vulnerability resides in the AP_get_wired_clientlist_setClientsName function of the mod_form.so module. It occurs due to insufficient input validation when handling the clientsname_0 argument. By providing an overly long string as the value for clientsname_0, an attacker can overwrite adjacent memory on the stack, leading to a buffer overflow. The affected firmware versions are 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001 for the following Linksys models:

• RE6500
• RE6250
• RE6300
• RE6350
• RE7000
• RE9000

The exploit is publicly available, increasing the risk of exploitation.

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) score for CVE-2025-14135 is 8.8 (HIGH). This score reflects the potential for significant impact due to the remote attack vector and the ability to execute arbitrary code.

Possible Impact

Exploitation of this vulnerability can lead to the following:

• Remote code execution on the affected Linksys Wi-Fi extender.
• Complete compromise of the device.
• Potential for the attacker to pivot to other devices on the network.
• Denial-of-service (DoS) conditions.

Mitigation or Patch Steps

Unfortunately, the vendor, Linksys, has not responded to disclosure attempts and has not released a patch at the time of this writing.

Recommendations include:

• Discontinue Use: If possible, discontinue the use of affected Linksys RE series extenders until a patch is available.
• Network Segmentation: If you must continue using the device, isolate it on a separate network segment to limit the potential impact of a compromise.
• Monitor Network Traffic: Closely monitor network traffic to and from the affected devices for suspicious activity.
• Firewall Rules: Implement strict firewall rules to limit access to the device’s management interface.
• Contact Linksys Support: Contact Linksys support and request a firmware update addressing the vulnerability.

References

• GitHub Exploit Details: https://github.com/wudipjq/my_vuln/blob/main/Linksys2/vuln_64/64.md
• GitHub PoC: https://github.com/wudipjq/my_vuln/blob/main/Linksys2/vuln_64/64.md#poc
• VulDB Entry (CTI ID): https://vuldb.com/?ctiid.334524
• VulDB Entry (ID): https://vuldb.com/?id.334524
• VulDB Submit: https://vuldb.com/?submit.697982
• Linksys Official Website: https://www.linksys.com/