CVE-2025-9357 is a high-severity stack-based buffer overflow vulnerability affecting multiple Linksys range extender models, including RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, specifically in firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. The vulnerability resides in the langSwitchByBBS function within the /goform/langSwitchByBBS endpoint. An attacker can remotely manipulate the langSelectionOnly argument to trigger a stack-based buffer overflow, potentially allowing arbitrary code execution or denial of service. The vulnerability requires no user interaction and no authentication, making it remotely exploitable over the network. The CVSS 4.0 base score is 8.7, reflecting the ease of exploitation (network attack vector, low complexity), no privileges required, and no user interaction needed. The impact on confidentiality, integrity, and availability is high, as successful exploitation could lead to full device compromise, allowing attackers to intercept or manipulate network traffic, disrupt connectivity, or use the device as a foothold for further attacks. Although no patches or vendor responses have been reported, a public exploit is available, increasing the risk of exploitation. The vulnerability affects the core firmware of widely deployed Linksys range extenders, which are commonly used in home and small office networks to extend Wi-Fi coverage. The lack of vendor response and public exploit availability heighten the urgency for mitigation.

For European organizations, this vulnerability poses significant risks, especially for small and medium enterprises (SMEs) and home office environments relying on Linksys range extenders for network connectivity. Exploitation could lead to unauthorized network access, interception of sensitive communications, lateral movement within corporate networks, and disruption of network services. Given the remote exploitability without authentication, attackers can target vulnerable devices en masse, potentially creating botnets or launching further attacks against internal resources. The impact is particularly critical for organizations handling sensitive personal data under GDPR, as compromise could lead to data breaches and regulatory penalties. Additionally, disruption of network availability could affect business continuity. The presence of a public exploit increases the likelihood of opportunistic attacks, making timely mitigation essential.

1. Immediate network segmentation: Isolate vulnerable Linksys range extenders from critical network segments to limit potential lateral movement if compromised. 2. Disable remote management interfaces on affected devices to reduce exposure to external attacks. 3. Monitor network traffic for unusual activity originating from or targeting these devices, including unexpected connections or command-and-control communications. 4. Replace or upgrade affected devices where possible, prioritizing models with updated firmware or alternative hardware from vendors with active security support. 5. If firmware updates become available, apply them promptly. Until then, consider deploying network-level protections such as firewall rules blocking access to the /goform/langSwitchByBBS endpoint or rate limiting requests to mitigate exploitation attempts. 6. Conduct regular vulnerability scans and penetration tests focusing on network extenders and IoT devices to detect exploitation attempts early. 7. Educate users about the risks of using unsupported or unpatched network devices and encourage reporting of connectivity anomalies.