{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6752", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-26T20:13:50.409Z", "datePublished": "2025-06-27T03:31:06.429Z", "dateUpdated": "2025-06-27T14:20:16.274Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-27T03:31:06.429Z"}, "title": "Linksys WRT1900ACS/EA7200/EA7450/EA7500 IGD Layer3Forwarding SetDefaultConnectionService stack-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Linksys", "product": "WRT1900ACS", "versions": [{"version": "20250619", "status": "affected"}], "modules": ["IGD"]}, {"vendor": "Linksys", "product": "EA7200", "versions": [{"version": "20250619", "status": "affected"}], "modules": ["IGD"]}, {"vendor": "Linksys", "product": "EA7450", "versions": [{"version": "20250619", "status": "affected"}], "modules": ["IGD"]}, {"vendor": "Linksys", "product": "EA7500", "versions": [{"version": "20250619", "status": "affected"}], "modules": ["IGD"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService of the file /upnp/control/Layer3Forwarding of the component IGD. The manipulation of the argument NewDefaultConnectionService leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In Linksys WRT1900ACS, EA7200, EA7450 and EA7500 bis 20250619 wurde eine kritische Schwachstelle gefunden. Es geht um die Funktion SetDefaultConnectionService der Datei /upnp/control/Layer3Forwarding der Komponente IGD. Dank der Manipulation des Arguments NewDefaultConnectionService mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-06-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-26T22:19:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "starash (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.314050", "name": "VDB-314050 | Linksys WRT1900ACS/EA7200/EA7450/EA7500 IGD Layer3Forwarding SetDefaultConnectionService stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.314050", "name": "VDB-314050 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.600638", "name": "Submit #600638 | Linksys WRT1900ACS Ver. 2.0.3.201002 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md", "tags": ["related"]}, {"url": "https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md#poc", "tags": ["exploit"]}, {"url": "https://www.linksys.com/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-27T14:19:53.625787Z", "id": "CVE-2025-6752", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-27T14:20:16.274Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6752", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-27T14:19:53.625787Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-27T14:20:12.290Z"}}], "cna": {"title": "Linksys WRT1900ACS/EA7200/EA7450/EA7500 IGD Layer3Forwarding SetDefaultConnectionService stack-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "starash (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Linksys", "modules": ["IGD"], "product": "WRT1900ACS", "versions": [{"status": "affected", "version": "20250619"}]}, {"vendor": "Linksys", "modules": ["IGD"], "product": "EA7200", "versions": [{"status": "affected", "version": "20250619"}]}, {"vendor": "Linksys", "modules": ["IGD"], "product": "EA7450", "versions": [{"status": "affected", "version": "20250619"}]}, {"vendor": "Linksys", "modules": ["IGD"], "product": "EA7500", "versions": [{"status": "affected", "version": "20250619"}]}], "timeline": [{"lang": "en", "time": "2025-06-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-26T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-26T22:19:04.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.314050", "name": "VDB-314050 | Linksys WRT1900ACS/EA7200/EA7450/EA7500 IGD Layer3Forwarding SetDefaultConnectionService stack-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.314050", "name": "VDB-314050 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.600638", "name": "Submit #600638 | Linksys WRT1900ACS Ver. 2.0.3.201002 Stack-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md", "tags": ["related"]}, {"url": "https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md#poc", "tags": ["exploit"]}, {"url": "https://www.linksys.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService of the file /upnp/control/Layer3Forwarding of the component IGD. The manipulation of the argument NewDefaultConnectionService leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In Linksys WRT1900ACS, EA7200, EA7450 and EA7500 bis 20250619 wurde eine kritische Schwachstelle gefunden. Es geht um die Funktion SetDefaultConnectionService der Datei /upnp/control/Layer3Forwarding der Komponente IGD. Dank der Manipulation des Arguments NewDefaultConnectionService mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "Stack-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-27T03:31:06.429Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6752", "state": "PUBLISHED", "dateUpdated": "2025-06-27T14:20:16.274Z", "dateReserved": "2025-06-26T20:13:50.409Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-27T03:31:06.429Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService of the file /upnp/control/Layer3Forwarding of the component IGD. The manipulation of the argument NewDefaultConnectionService leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en Linksys WRT1900ACS, EA7200, EA7450 y EA7500 hasta la versi\u00f3n 20250619, clasificada como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n SetDefaultConnectionService del archivo /upnp/control/Layer3Forwarding del componente IGD. La manipulaci\u00f3n del argumento NewDefaultConnectionService provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se contact\u00f3 al proveedor con antelaci\u00f3n para informarle sobre esta divulgaci\u00f3n, pero no respondi\u00f3."}], "id": "CVE-2025-6752", "lastModified": "2025-06-30T18:38:48.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-27T04:16:01.407", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md"}, {"source": "cna@vuldb.com", "url": "https://github.com/feiwuxingxie/cve/blob/main/linksys/vul01/1.md#poc"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.314050"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.314050"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.600638"}, {"source": "cna@vuldb.com", "url": "https://www.linksys.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-121"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}