CVE-2025-9392

🗓️ 24 Aug 2025 15:02:06Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 17 Views🌐 WEB

Linksys RE extenders remote stack overflow in qosClassifier path; exploit disclosed; vendor silent.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-9392	24 Aug 202516:29	–	circl
CNNVD	Linksys多款产品安全漏洞	24 Aug 202500:00	–	cnnvd
Cvelist	CVE-2025-9392 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 qosClassifier stack-based overflow	24 Aug 202515:02	–	cvelist
EUVD	EUVD-2025-25733	3 Oct 202520:07	–	euvd
NVD	CVE-2025-9392	24 Aug 202515:15	–	nvd
Positive Technologies	PT-2025-34568 · Linksys · Linksys Re6250 +5	24 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-9392	30 Aug 202518:18	–	redhatcve
Vulnrichment	CVE-2025-9392 Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 qosClassifier stack-based overflow	24 Aug 202515:02	–	vulnrichment

NVD

Vulners

Node

linksys re6250_firmwareMatch1.0.04.001

AND

linksys re6250Match-

Node

linksys re6300_firmwareMatch1.2.07.001

AND

linksys re6300Match-

Node

linksys re6350_firmwareMatch1.0.04.001

AND

linksys re6350Match-

Node

linksys re7000_firmwareMatch1.1.05.003

AND

linksys re7000Match-

Node

linksys re9000_firmwareMatch1.0.04.002

AND

linksys re9000Match-

Node

linksys re6500_firmwareMatch1.0.013.001

AND

linksys re6500Match-

[
  {
    "vendor": "Linksys",
    "product": "RE6250",
    "versions": [
      {
        "version": "1.0.013.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.002",
        "status": "affected"
      },
      {
        "version": "1.1.05.003",
        "status": "affected"
      },
      {
        "version": "1.2.07.001",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Linksys",
    "product": "RE6300",
    "versions": [
      {
        "version": "1.0.013.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.002",
        "status": "affected"
      },
      {
        "version": "1.1.05.003",
        "status": "affected"
      },
      {
        "version": "1.2.07.001",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Linksys",
    "product": "RE6350",
    "versions": [
      {
        "version": "1.0.013.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.002",
        "status": "affected"
      },
      {
        "version": "1.1.05.003",
        "status": "affected"
      },
      {
        "version": "1.2.07.001",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Linksys",
    "product": "RE6500",
    "versions": [
      {
        "version": "1.0.013.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.002",
        "status": "affected"
      },
      {
        "version": "1.1.05.003",
        "status": "affected"
      },
      {
        "version": "1.2.07.001",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Linksys",
    "product": "RE7000",
    "versions": [
      {
        "version": "1.0.013.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.002",
        "status": "affected"
      },
      {
        "version": "1.1.05.003",
        "status": "affected"
      },
      {
        "version": "1.2.07.001",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Linksys",
    "product": "RE9000",
    "versions": [
      {
        "version": "1.0.013.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.001",
        "status": "affected"
      },
      {
        "version": "1.0.04.002",
        "status": "affected"
      },
      {
        "version": "1.1.05.003",
        "status": "affected"
      },
      {
        "version": "1.2.07.001",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md
github	www.github.com/wudipjq/my_vuln/blob/main/Linksys/vuln_32/32.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
linksys	www.linksys.com/

Parameter	Position	Path	Description	CWE
dir	request body	/goform/qosClassifier	Stack-based buffer overflow in qosClassifier when manipulating multiple arguments.	CWE-119, CWE-121
sFromPort	request body	/goform/qosClassifier	Stack-based buffer overflow in qosClassifier when manipulating multiple arguments.	CWE-119, CWE-121
sToPort	request body	/goform/qosClassifier	Stack-based buffer overflow in qosClassifier when manipulating multiple arguments.	CWE-119, CWE-121
dFromPort	request body	/goform/qosClassifier	Stack-based buffer overflow in qosClassifier when manipulating multiple arguments.	CWE-119, CWE-121
dToPort	request body	/goform/qosClassifier	Stack-based buffer overflow in qosClassifier when manipulating multiple arguments.	CWE-119, CWE-121
protocol	request body	/goform/qosClassifier	Stack-based buffer overflow in qosClassifier when manipulating multiple arguments.	CWE-119, CWE-121
layer7	request body	/goform/qosClassifier	Stack-based buffer overflow in qosClassifier when manipulating multiple arguments.	CWE-119, CWE-121
dscp	request body	/goform/qosClassifier	Stack-based buffer overflow in qosClassifier when manipulating multiple arguments.	CWE-119, CWE-121
remark_dscp	request body	/goform/qosClassifier	Stack-based buffer overflow in qosClassifier when manipulating multiple arguments.	CWE-119, CWE-121

02 Sep 2025 18:18Current

8.8High risk

Vulners AI Score8.8

CVSS 48.7

CVSS 3.18.8

CVSS 29

CVSS 38.8

EPSS0.00345

SSVC