CVE-2025-14134 is a stack-based buffer overflow vulnerability identified in several Linksys range extender models (RE6500, RE6250, RE6300, RE6350, RE7000, and RE9000) running specific firmware versions (1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, 1.2.07.001). The vulnerability resides in the function RE2000v2Repeater_get_wireless_clientlist_setClientsName within the mod_form.so library. This function improperly processes the argument clientsname_0, allowing an attacker to craft a malicious input that causes a stack-based buffer overflow. This overflow can be exploited remotely over the network without requiring authentication or user interaction, enabling an attacker to execute arbitrary code with elevated privileges on the device. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H, VI:H, VA:H). The vendor was contacted early but has not issued any patches or advisories, and a public exploit has been disclosed, increasing the risk of exploitation. The affected devices are commonly used as wireless range extenders in both consumer and enterprise environments, potentially exposing internal networks to compromise if exploited. The lack of vendor response and public exploit availability necessitates immediate defensive actions by users and administrators.

For European organizations, this vulnerability poses a significant risk due to the widespread use of Linksys range extenders in both home office and enterprise environments. Exploitation could allow attackers to gain unauthorized access to internal networks, bypass security controls, and execute arbitrary code on network devices, potentially leading to data breaches, lateral movement within corporate networks, and disruption of network availability. The high severity and remote exploitability without authentication make it a critical threat for organizations relying on these devices for network extension. Additionally, the absence of vendor patches increases the window of exposure, making mitigation challenging. Sensitive sectors such as finance, healthcare, and government agencies in Europe could face heightened risks due to the potential for espionage, data theft, or service disruption. The vulnerability could also be leveraged to establish persistent footholds or launch further attacks against connected systems.

1. Immediately identify and inventory all Linksys range extenders in use, focusing on the affected models and firmware versions. 2. Where possible, disconnect vulnerable devices from the network or isolate them in segmented network zones to limit exposure. 3. Monitor network traffic for unusual activity targeting these devices, including malformed packets or attempts to exploit the clientsname_0 parameter. 4. Apply strict firewall rules to restrict access to the management interfaces of these devices, allowing only trusted IP addresses. 5. Regularly check for vendor updates or security advisories and apply patches promptly once available. 6. Consider replacing vulnerable devices with alternatives from vendors with active security support if patches are not forthcoming. 7. Implement network intrusion detection/prevention systems (IDS/IPS) with signatures for this vulnerability once available. 8. Educate IT staff and users about the risks associated with these devices and the importance of timely updates and network hygiene. 9. Conduct penetration testing and vulnerability scanning focused on network infrastructure to detect exploitation attempts. 10. Maintain up-to-date backups and incident response plans to quickly recover from potential compromises.