VDB-321059 · CVE-2025-9356 · GCVE-100-321059

Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 /goform/inboundFilterAdd ruleName Pufferüberlauf

Hakika vulnerability da aka rarraba a matsayin kura an gano a Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Tabbas, aikin inboundFilterAdd ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /goform/inboundFilterAdd, a cikin sashi $software_component. Wuro manipulation of the argument ruleName ga Pufferüberlauf. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-121. Lalle, rauni an sanar da shi 08/22/2025. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2025-9356. Ngam yiɗi ka a tuma ndiyam ka nder waya. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

2 Goyarwa · 89 Datenpunkte

Furɗe	Súgá 08/22/2025 17:45	Gargadi 1/1 09/03/2025 03:21
software_vendor	Linksys	Linksys
software_name	RE6250/RE6300/RE6350/RE6500/RE7000/RE9000	RE6250/RE6300/RE6350/RE6500/RE7000/RE9000
software_version	1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001	1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001
software_file	/goform/inboundFilterAdd	/goform/inboundFilterAdd
software_function	inboundFilterAdd	inboundFilterAdd
software_argument	ruleName	ruleName
vulnerability_cwe	CWE-121 (Pufferüberlauf)	CWE-121 (Pufferüberlauf)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	H	H
cvss3_vuldb_i	H	H
cvss3_vuldb_a	H	H
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_url	https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md	https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc	https://github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_24/24.md#poc
source_cve	CVE-2025-9356	CVE-2025-9356
cna_responsible	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	C	C
cvss2_vuldb_ii	C	C
cvss2_vuldb_ai	C	C
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	H	H
cvss4_vuldb_vi	H	H
cvss4_vuldb_va	H	H
cvss4_vuldb_e	P	P
cvss2_vuldb_au	S	S
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_pr	L	L
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0
cvss3_meta_basescore	8.8	8.8
cvss3_meta_tempscore	8.0	8.4
cvss4_vuldb_bscore	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4
advisory_date	1755813600 (08/22/2025)	1755813600 (08/22/2025)
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
cve_nvd_summaryes		Se detectó una vulnerabilidad en Linksys RE6250, RE6300, RE6350, RE6500, RE7000 y RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. La función inboundFilterAdd del archivo /goform/inboundFilterAdd se ve afectada. La manipulación del argumento ruleName puede provocar un desbordamiento del búfer en la pila. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		L
cvss4_cna_ui		N
cvss4_cna_vc		H
cvss4_cna_vi		H
cvss4_cna_va		H
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		8.7
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		H
cvss3_cna_i		H
cvss3_cna_a		H
cvss3_cna_basescore		8.8
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		S
cvss2_cna_ci		C
cvss2_cna_ii		C
cvss2_cna_ai		C
cvss2_cna_basescore		9

◂ Gurɗo Gumti Gada ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!