CVE-2025-14134 is a stack-based buffer overflow vulnerability identified in several Linksys range extender models (RE6500, RE6250, RE6300, RE6350, RE7000, RE9000) running firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. The vulnerability resides in the function RE2000v2Repeater_get_wireless_clientlist_setClientsName within the mod_form.so module. Specifically, the argument clientsname_0 is improperly handled, allowing an attacker to overflow the stack buffer remotely without requiring authentication or user interaction. This can lead to arbitrary code execution or device crash, compromising the device’s confidentiality, integrity, and availability. The vulnerability has a CVSS 4.0 base score of 8.7, reflecting its high impact and ease of exploitation (network attack vector, low attack complexity, no privileges or user interaction needed). The vendor was contacted early but has not issued any patches or advisories, and a public exploit has been disclosed, increasing the likelihood of exploitation. The affected devices are commonly used in home and small office environments to extend wireless coverage, but they may also be present in enterprise edge networks. The lack of vendor response and patch availability means organizations must rely on alternative mitigations to protect their networks. The vulnerability does not require physical access and can be exploited remotely over the network, making it a significant threat to any network segment where these devices are deployed.

For European organizations, exploitation of this vulnerability could lead to complete compromise of affected Linksys range extenders, allowing attackers to execute arbitrary code, disrupt network connectivity, or pivot into internal networks. This threatens the confidentiality of sensitive communications passing through these devices, the integrity of network traffic, and the availability of network services dependent on wireless connectivity. Critical infrastructure, government agencies, and enterprises relying on these devices for network extension may face operational disruptions or data breaches. The remote and unauthenticated nature of the exploit increases the risk of widespread attacks, especially in environments where these devices are exposed to untrusted networks or the internet. The absence of vendor patches exacerbates the risk, forcing organizations to consider device replacement or network architecture changes. Additionally, compromised devices could be leveraged as entry points for broader attacks, including lateral movement and persistent access within corporate or governmental networks.

Given the lack of official patches, European organizations should immediately audit their networks to identify the presence of affected Linksys range extender models and firmware versions. Where possible, disable or isolate these devices from critical network segments and the internet to prevent remote exploitation. Replace vulnerable devices with updated hardware from vendors providing timely security updates. Implement network segmentation to limit the impact of any potential compromise, ensuring that these devices do not have access to sensitive internal resources. Employ strict firewall rules to restrict inbound and outbound traffic to and from these devices. Monitor network traffic for unusual activity indicative of exploitation attempts targeting the clientsname_0 parameter or related functions. Consider deploying intrusion detection/prevention systems (IDS/IPS) with signatures for this vulnerability once available. Maintain up-to-date asset inventories and ensure that all network devices are included in vulnerability management programs. Engage with Linksys or parent company support channels to seek updates or advisories and track any future patch releases.