Linksys E1700 QoSSetup stack-based overflow_CVE-2025-9527

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ack_policy results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-9527

Source VulDB

Published Aug 27, 2025 at 13:02

Modified Aug 27, 2025 at 13:28

Affected Product

Vendor Linksys

Product E1700

Version 1.0.0.4.003

Affected Versions Linksys E1700 1.0.0.4.003

CWE Classification

CWE-121 CWE-119

References

{
    "lastseen": "",
    "description": "A vulnerability was found in Linksys E1700 1.0.0.4.003. This affects the function QoSSetup of the file /goform/QoSSetup. Performing manipulation of the argument ack_policy results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-08-27T13:02:06.341Z",
    "modified": "2025-08-27T13:28:00.394Z",
    "type": "cve",
    "title": "Linksys E1700 QoSSetup stack-based overflow",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.321544\nhttps://vuldb.com/?ctiid.321544\nhttps://vuldb.com/?submit.634826\nhttps://github.com/wudipjq/my_vuln/blob/main/Linksys2/vuln_60/60.md\nhttps://github.com/wudipjq/my_vuln/blob/main/Linksys2/vuln_60/60.md#poc\nhttps://www.linksys.com/",
    "id": "CVE-2025-9527",
    "bulletinFamily": "",
    "cwe": [
        "CWE-121",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "Linksys E1700 1.0.0.4.003",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "E1700",
    "version": "1.0.0.4.003",
    "vendor": "Linksys",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}