CVE-2025-9362 is a medium-severity stack-based buffer overflow vulnerability affecting multiple Linksys range extender models, including RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000, across firmware versions 1.0.013.001, 1.0.04.001, 1.0.04.002, 1.1.05.003, and 1.2.07.001. The vulnerability resides in the urlFilterManageRule function within the /goform/urlFilterManageRule endpoint. Specifically, improper handling and insufficient bounds checking of the arguments urlFilterRuleName, scheduleUrl, and addURLFilter can be exploited to trigger a stack-based buffer overflow. This flaw allows an attacker to remotely send crafted requests to the vulnerable device without requiring authentication or user interaction, potentially leading to arbitrary code execution or denial of service. The vendor, Linksys, was contacted prior to disclosure but did not respond or provide a patch, and no known exploits are currently reported in the wild. The CVSS 4.0 base score is 5.3, reflecting network attack vector, low attack complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability. The vulnerability’s exploitation scope is local to the device but can be triggered remotely over the network, making it a significant risk for exposed devices. Given the nature of consumer and small business network equipment, exploitation could allow attackers to compromise network traffic, pivot into internal networks, or disrupt connectivity.

For European organizations, especially small and medium enterprises (SMEs) and home offices relying on Linksys range extenders for network coverage, this vulnerability poses a tangible risk. Successful exploitation could lead to device compromise, enabling attackers to intercept or manipulate network traffic, degrade network availability, or establish persistent footholds within internal networks. This is particularly concerning for organizations handling sensitive data or critical communications over these networks. Additionally, compromised devices could be leveraged as part of botnets or for lateral movement within corporate environments. The lack of vendor response and absence of patches increases the risk window, as organizations may be forced to rely on mitigations or device replacement. The impact is amplified in environments where these extenders are directly accessible from untrusted networks or where network segmentation is weak, common in smaller European businesses and residential setups.

Given the absence of official patches, European organizations should implement the following specific mitigations: 1) Immediately audit network infrastructure to identify the presence of affected Linksys extender models and firmware versions. 2) Restrict remote access to the management interfaces of these devices by implementing firewall rules that limit access to trusted IP addresses or internal networks only. 3) Disable remote management features if not strictly necessary to reduce exposure. 4) Employ network segmentation to isolate extenders from critical assets and sensitive data flows. 5) Monitor network traffic for anomalous requests targeting /goform/urlFilterManageRule or unusual patterns indicative of exploitation attempts. 6) Consider replacing vulnerable devices with models from vendors with active security support if patching is unavailable. 7) Maintain up-to-date network monitoring and intrusion detection systems capable of detecting buffer overflow exploitation attempts. 8) Educate IT staff and users about the risks associated with unmanaged or unsupported network devices. These targeted actions go beyond generic advice by focusing on access control, network architecture, and proactive detection tailored to this specific vulnerability.