CVE-2025-22907

CriticalPublic PoC

Published: 16 January 2025

Published

16 January 2025

Modified

09 April 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0037 58.6th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function.

Security Summary

CVE-2025-22907 is a stack overflow vulnerability affecting RE11S version 1.11, specifically via the selSSID parameter in the formWlSiteSurvey function. Classified under CWE-120 (Buffer Copy without Checking Size of Input), it carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), marking it as critical due to its potential for severe impact.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation could lead to high confidentiality, integrity, and availability impacts, likely enabling arbitrary code execution through the stack overflow.

References include the RE11S site at http://re11s.com, a GitHub proof-of-concept repository at https://github.com/xyqer1/RE11S_1.11-formWlSiteSurvey-StackOverflow, and the Edimax global site at https://www.edimax.com/edimax/global/. No specific mitigation or patch details are detailed in the CVE description.

Details

CWE(s): CWE-120

Affected Products

edimax

re11s firmware

1.11

References

http://re11s.com
Broken Link, Not Applicable · cve@mitre.org
https://github.com/xyqer1/RE11S_1.11-formWlSiteSurvey-StackOverflow
Exploit, Third Party Advisory · cve@mitre.org
https://www.edimax.com/edimax/global/
Product · cve@mitre.org