A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file /goform/setOpMode. The manipulation of the argument opMode leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE Database V5

Detailed information about CVE-2025-8822: Stack-based Buffer Overflow in Linksys RE6250 affecting Linksys RE6250. Get real-time updates, technical details, and 

CVE-2025-8822: Stack-based Buffer Overflow in Linksys RE6250 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8822: Stack-based Buffer Overflow in Linksys RE6250

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setLan of the file /goform/setLan. The manipulation of the argument lan2enabled leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-8817 is a high-severity stack-based buffer overflow vulnerability affecting multiple Linksys range extender models, including RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, up to firmware version 20250801. The vulnerability resides in the setLan function within the /goform/setLan endpoint, where improper handling of the 'lan2enabled' argument allows an attacker to overflow a stack buffer. This overflow can be triggered remotely without authentication or user interaction, enabling an attacker to execute arbitrary code or cause a denial of service on the affected device. The vulnerability has been publicly disclosed, and while no known exploits are currently observed in the wild, the availability of a public exploit increases the risk of exploitation. The vendor, Linksys, has not responded to early disclosure attempts, and no patches or mitigations have been officially released at this time. The CVSS v4.0 score of 8.7 reflects the high impact on confidentiality, integrity, and availability, combined with the ease of remote exploitation without privileges or user interaction. This vulnerability poses a significant threat to network security, as compromised range extenders can be used as footholds for lateral movement, data interception, or launching further attacks within corporate or home networks.

Detailed information about CVE-2025-8817: Stack-based Buffer Overflow in Linksys RE6250 affecting Linksys RE6250. Get real-time updates, technical details, and 

CVE-2025-8817: Stack-based Buffer Overflow in Linksys RE6250 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8817: Stack-based Buffer Overflow in Linksys RE6250

The provided information pertains to a set of Indicators of Compromise (IOCs) published on August 10, 2025, sourced from the ThreatFox MISP Feed. The threat is categorized under 'malware' with a focus on OSINT (Open Source Intelligence), payload delivery, and network activity. However, the details are minimal, with no specific affected software versions, no known exploits in the wild, and no patches available. The threat level is indicated as medium (threatLevel: 2), with moderate distribution (distribution: 3) and low analysis confidence (analysis: 1). The absence of concrete technical details, such as specific malware families, attack vectors, or exploitation techniques, limits the depth of analysis. The threat appears to be a collection or dissemination of IOCs related to malware activities rather than a direct vulnerability or exploit. The TLP (Traffic Light Protocol) is white, indicating the information is publicly shareable. Overall, this represents an OSINT-based threat intelligence update rather than an active or novel exploit targeting specific systems.

ThreatFox MISP Feed

FAKEUPDATES payload delivery domain (confidence level: 100%)

FAKEUPDATES payload delivery server (confidence level: 100%)

Unknown malware payload delivery domain (confidence level: 100%)

Remcos botnet C2 server (confidence level: 100%)

FAKEUPDATES botnet C2 server (confidence level: 100%)

Unknown malware botnet C2 domain (confidence level: 100%)

AdaptixC2 botnet C2 server (confidence level: 100%)

Xtreme RAT botnet C2 server (confidence level: 100%)

XWorm botnet C2 server (confidence level: 100%)

Quasar RAT botnet C2 server (confidence level: 100%)

Quasar RAT botnet C2 server (confidence level: 75%)

Cobalt Strike botnet C2 domain (confidence level: 75%)

Cobalt Strike botnet C2 server (confidence level: 75%)

Loki Password Stealer (PWS) botnet C2 server (confidence level: 75%)

Quasar RAT payload (confidence level: 95%)

Typhon Stealer payload (confidence level: 95%)

Coinminer payload (confidence level: 95%)

Luca Stealer payload (confidence level: 95%)

ValleyRAT payload (confidence level: 95%)

Cobalt Strike payload (confidence level: 95%)

Agent Tesla payload (confidence level: 95%)

MASS Logger payload (confidence level: 95%)

Detailed information about ThreatFox IOCs for 2025-08-10. Get real-time updates, technical details, and mitigation strategies.

ThreatFox IOCs for 2025-08-10 - Live Threat Intelligence - Threat Radar | OffSeq.com

ThreatFox IOCs for 2025-08-10

A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-8820 is a high-severity stack-based buffer overflow vulnerability affecting multiple Linksys Wi-Fi range extender models, including RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, up to firmware version 20250801. The vulnerability resides in the wirelessBasic function within the /goform/wirelessBasic endpoint. Specifically, the flaw arises from improper handling of the submit_SSID1 argument, which can be manipulated by an attacker to overflow the stack buffer. This overflow can lead to arbitrary code execution or cause the device to crash, potentially resulting in denial of service. The vulnerability is remotely exploitable without authentication or user interaction, increasing its risk profile. The CVSS 4.0 score is 8.7 (high), reflecting the ease of remote exploitation and the significant impact on confidentiality, integrity, and availability. Despite early vendor notification, Linksys has not responded or released patches, and public exploit code has been disclosed, raising the likelihood of exploitation in the wild. The affected devices are commonly deployed in home and small office environments to extend wireless coverage, but their compromise could serve as a foothold for lateral movement into corporate networks or as part of botnets for broader attacks.

Detailed information about CVE-2025-8820: Stack-based Buffer Overflow in Linksys RE6250 affecting Linksys RE6250. Get real-time updates, technical details, and 

CVE-2025-8820: Stack-based Buffer Overflow in Linksys RE6250 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8820: Stack-based Buffer Overflow in Linksys RE6250

A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Detailed information about CVE-2025-8821: OS Command Injection in Linksys RE6250 affecting Linksys RE6250. Get real-time updates, technical details, and mitigat

CVE-2025-8821: OS Command Injection in Linksys RE6250

CVE-2025-8821: OS Command Injection in Linksys RE6250

Description

Technical Details

Related Threats

CVE-2025-8822: Stack-based Buffer Overflow in Linksys RE6250

CVE-2025-8817: Stack-based Buffer Overflow in Linksys RE6250

CVE-2025-8820: Stack-based Buffer Overflow in Linksys RE6250

CVE-2025-8819: Stack-based Buffer Overflow in Linksys RE6250

CVE-2025-8818: OS Command Injection in Linksys RE6250

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility