Affected Vendors This Week
- Linksys: 8 CVEs (6 high, 2 medium)
- Cisco: 12 CVEs (2 high, 10 medium)
- TP-Link: 2 CVEs (2 high)
- Semtech: 1 CVE (1 unrated)
This week brought 23 new router and network device vulnerabilities, with a concerning concentration of critical stack-based buffer overflow issues in popular consumer and enterprise equipment. The most impactful findings center on Linksys consumer routers and range extenders, along with high-severity flaws in TP-Link devices and Cisco enterprise infrastructure.
Critical Linksys Vulnerabilities Demand Immediate Action
Linksys users should prioritize patching immediately. Three CVEs—CVE-2025-9527, CVE-2025-9525, and CVE-2025-9526—all target the Linksys E1700 (firmware 1.0.0.4.003) with identical CVSS 8.8 scores. These are stack-based buffer overflow vulnerabilities affecting critical web interface functions: QoSSetup, setWan, and setSysAdm. An unauthenticated attacker on the local network could exploit these to crash the device or potentially execute code.
Even more concerning is the scope of CVE-2025-9481, CVE-2025-9482, and CVE-2025-9483, which affect six Linksys range extender models (RE6250, RE6300, RE6350, RE6500, RE7000, RE9000) across multiple firmware versions. These stack overflow issues in IPv6 and port forwarding functions pose similar risks. Additionally, CVE-2025-9575 (medium) and CVE-2025-9528 (medium) affect the same product families.
Action: Check Linksys support pages for firmware updates immediately. If patches aren't available, consider disabling remote management access and restricting LAN access to trusted devices only.
TP-Link Archer and KP303 Users Face Authentication and RCE Risks
CVE-2025-8627 (CVSS 8.8) affects the TP-Link KP303 Smartplug, allowing unauthenticated protocol commands that can trigger unintended power-off conditions and potential information disclosure. This is particularly risky for users relying on smart plugs for critical equipment.
CVE-2025-9377 (CVSS 7.2) is an authenticated remote code execution vulnerability in the Parental Control functionality of TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. While authentication is required, RCE vulnerabilities in widely-deployed consumer routers are high-priority.
Action: Update TP-Link firmware to the latest available version. Check your device model against the affected list before deployment.
Cisco Enterprise Infrastructure Under Pressure
Cisco's 12 new CVEs span multiple product lines. The highest-impact finding is CVE-2025-20241 (CVSS 7.4), a vulnerability in the IS-IS feature of NX-OS on Nexus 3000 and 9000 Series Switches. This network protocol flaw could enable denial-of-service or disruption of routing. CVE-2025-20317 (CVSS 7.1) affects IMC vKVM connection handling, allowing unauthenticated users to redirect legitimate sessions.
The remaining Cisco CVEs are rated medium severity, affecting Nexus Dashboard, UCS Manager, and related management infrastructure. While lower in severity, these collectively represent multiple attack vectors into enterprise environments.
Action: Review Cisco Security Advisories for patch availability on your deployed versions. Prioritize Nexus and IMC systems in critical infrastructure roles.
Summary & Recommendations
This week's vulnerability load emphasizes the ongoing risks in both consumer and enterprise router equipment. Stack-based buffer overflows remain a critical threat class, particularly in web-facing management interfaces. Organizations should:
- Audit all Linksys E1700 and RE-series extenders for firmware version and apply patches immediately
- Test TP-Link device updates in non-production environments before wide rollout
- Review Cisco patch schedules for NX-OS and IMC systems
- Implement network segmentation to restrict direct access to router management interfaces
- Enable firmware auto-update features where supported