Overview
A high-severity vulnerability, identified as CVE-2025-14136, has been discovered in several Linksys range extender models, specifically RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000 running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. This vulnerability is a stack-based buffer overflow that can be exploited remotely. The vendor was notified but did not respond. Proof-of-concept exploit code is publicly available, increasing the risk of exploitation.
Technical Details
The vulnerability resides within the RE2000v2Repeater_get_wired_clientlist_setClientsName function in the mod_form.so file of the affected Linksys range extenders. The issue arises from insufficient bounds checking when handling the clientsname_0 argument. By manipulating this argument with a string exceeding the buffer’s capacity, an attacker can overwrite data on the stack, potentially leading to arbitrary code execution.
CVSS Analysis
The Common Vulnerability Scoring System (CVSS) score for CVE-2025-14136 is 8.8 (HIGH).
This score reflects the following characteristics:
- Attack Vector: Network (AV:N) – The vulnerability is exploitable over a network.
- Attack Complexity: Low (AC:L) – The conditions for exploitation are easily met.
- Privileges Required: None (PR:N) – No privileges are required to exploit the vulnerability.
- User Interaction: None (UI:N) – No user interaction is required.
- Scope: Unchanged (S:U) – An exploited vulnerability can only affect resources managed by the same security authority.
- Confidentiality Impact: High (C:H) – There is a total loss of confidentiality, resulting in all resources within the impacted component being divulged to the attacker.
- Integrity Impact: High (I:H) – There is a total loss of integrity, resulting in a complete and irreversible alteration of resources within the impacted component.
- Availability Impact: High (A:H) – There is a total loss of availability, resulting in the attacker being able to fully disrupt access to resources in the impacted component; this loss is either persistent or irreversible.
Possible Impact
Successful exploitation of CVE-2025-14136 could have severe consequences, including:
- Remote Code Execution: An attacker could potentially execute arbitrary code on the device, gaining complete control.
- Denial of Service (DoS): The device could be rendered unusable, disrupting network connectivity.
- Data Breach: Sensitive information stored on or transmitted through the device could be compromised.
- Lateral Movement: An attacker could use the compromised device as a foothold to attack other devices on the network.
Mitigation or Patch Steps
Unfortunately, at the time of writing, Linksys has not released a patch or provided mitigation guidance for CVE-2025-14136. Given the lack of vendor response, users are strongly advised to consider the following, although they may not fully mitigate the risk:
- Discontinue Use: The most effective mitigation is to discontinue the use of the affected Linksys range extenders (RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000).
- Network Segmentation: If discontinuing use is not possible, isolate the range extender on a separate network segment to limit the potential impact of a compromise.
- Monitor Network Traffic: Closely monitor network traffic to and from the range extender for suspicious activity.
- Enable Firewall: Ensure that your firewall is properly configured to block unauthorized access to the range extender.
We will update this article if Linksys releases a patch or provides official mitigation guidance.