CVE-2025-8820 - Linksys Wireless Router Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-8820
Published : Aug. 11, 2025, 12:15 a.m. | 2 hours, 23 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8820
Published : Aug. 11, 2025, 12:15 a.m. | 2 hours, 23 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function wirelessBasic of the file /goform/wirelessBasic. The manipulation of the argument submit_SSID1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8821 - Linksys WiFi Router OS Command Injection Vulnerability
CVE ID : CVE-2025-8821
Published : Aug. 11, 2025, 1:15 a.m. | 1 hour, 22 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8821
Published : Aug. 11, 2025, 1:15 a.m. | 1 hour, 22 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function RP_setBasic of the file /goform/RP_setBasic. The manipulation of the argument bssid leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8822 - Linksys RE Series Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-8822
Published : Aug. 11, 2025, 1:15 a.m. | 1 hour, 22 minutes ago
Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file /goform/setOpMode. The manipulation of the argument opMode leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8822
Published : Aug. 11, 2025, 1:15 a.m. | 1 hour, 22 minutes ago
Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function algDisable of the file /goform/setOpMode. The manipulation of the argument opMode leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8823 - Linksys Wireless Router Os Command Injection Vulnerability
CVE ID : CVE-2025-8823
Published : Aug. 11, 2025, 2:15 a.m. | 23 minutes ago
Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8823
Published : Aug. 11, 2025, 2:15 a.m. | 23 minutes ago
Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setDeviceName of the file /goform/setDeviceName. The manipulation of the argument DeviceName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8824 - Linksys Wireless Routers Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-8824
Published : Aug. 11, 2025, 2:15 a.m. | 23 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8824
Published : Aug. 11, 2025, 2:15 a.m. | 23 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setRIP of the file /goform/setRIP. The manipulation of the argument RIPmode/RIPpasswd leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8825 - Linksys Router OS Command Injection Vulnerability
CVE ID : CVE-2025-8825
Published : Aug. 11, 2025, 3:15 a.m. | 3 hours, 23 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8825
Published : Aug. 11, 2025, 3:15 a.m. | 3 hours, 23 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function RP_setBasicAuto of the file /goform/RP_setBasicAuto. The manipulation of the argument staticIp/staticNetmask leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8826 - Linksys Wireless Router Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-8826
Published : Aug. 11, 2025, 3:15 a.m. | 3 hours, 23 minutes ago
Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function um_rp_autochannel of the file /goform/RP_setBasicAuto. The manipulation of the argument apcli_AuthMode_2G/apcli_AuthMode_5G leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8826
Published : Aug. 11, 2025, 3:15 a.m. | 3 hours, 23 minutes ago
Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function um_rp_autochannel of the file /goform/RP_setBasicAuto. The manipulation of the argument apcli_AuthMode_2G/apcli_AuthMode_5G leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24298 - OpenHarmony TCB Use-After-Free Vulnerability
CVE ID : CVE-2025-24298
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24298
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24844 - OpenHarmony Memory Leaking DOS Vulnerability
CVE ID : CVE-2025-24844
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24844
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-24925 - OpenHarmony Memory Leaks Denial of Service Vulnerability
CVE ID : CVE-2025-24925
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-24925
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25212 - OpenHarmony Denial of Service Vulnerability
CVE ID : CVE-2025-25212
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25212
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through improper input.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25278 - OpenHarmony TCB Race Condition Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-25278
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-25278
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-26690 - OpenHarmony NULL Pointer Dereference Denial of Service Vulnerability
CVE ID : CVE-2025-26690
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-26690
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27128 - OpenHarmony TCB Use After Free Arbitrary Code Execution
CVE ID : CVE-2025-27128
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27128
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through use after free.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27536 - OpenHarmony Type Confusion DOS
CVE ID : CVE-2025-27536
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27536
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through type confusion.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27562 - OpenHarmony DoS Memory Leak
CVE ID : CVE-2025-27562
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27562
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-27577 - Apache OpenHarmony TCB Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-27577
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27577
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8827 - Linksys Router Remote Os Command Injection Vulnerability
CVE ID : CVE-2025-8827
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8827
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8828 - Linksys RE Series IPv6 Command Injection Vulnerability
CVE ID : CVE-2025-8828
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8828
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8829 - Linksys Wireless Router OS Command Injection Vulnerability
CVE ID : CVE-2025-8829
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8829
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8830 - Linksys Router Os Command Injection Vulnerability
CVE ID : CVE-2025-8830
Published : Aug. 11, 2025, 5:15 a.m. | 1 hour, 23 minutes ago
Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8830
Published : Aug. 11, 2025, 5:15 a.m. | 1 hour, 23 minutes ago
Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...