CVE-2014-125122
published 2025-07-31

Priority: P3 38 · medium 5.3 · CVSS 4.0
Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 0.73% (49.5th percentile)
A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request with an overly long TM_Block_URL parameter to the endpoint. By exploiting this flaw, an unauthenticated remote attacker can overwrite memory in a controlled manner, enabling them to temporarily reset the administrator password of the device to a blank value. This grants unauthorized access to the router’s web management interface without requiring valid credentials.

Affected

1 range
Vendor | Product | Version range | Fixed in
linksys | wrt120n | - | -

Detection & IOCs (extracted from sources)

path: /tmUnblock.cgi
other: TM_Block_URL
url: https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb
  • Monitor for HTTP POST requests targeting the /tmUnblock.cgi endpoint on Linksys WRT120N devices, especially those with an abnormally long TM_Block_URL parameter value indicative of a buffer overflow attempt.
  • A public Metasploit auxiliary module (linksys_tmunblock_admin_reset_bof.rb) exists for this vulnerability; correlate IDS/IPS alerts with known Metasploit HTTP patterns against /tmUnblock.cgi.
  • Exploitation has only been confirmed on firmware version 1.0.07 of the Linksys WRT120N; detection and impact may differ on other firmware versions.
  • The password reset effect is temporary; defenders should note that the admin password is only blanked for a short window, making forensic detection time-sensitive.
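
The first monitoring item above, as an added example (not code from this page or from the Metasploit module): a Python check over captured raw HTTP requests that flags POSTs to /tmUnblock.cgi whose decoded TM_Block_URL value exceeds a length limit. The 256-byte limit, the names inspect_request and build_request, and the sample requests are assumptions constructed for illustration; the page does not state an overflow length.

```python
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/tmunblock.cgi"  # endpoint named on this page, compared case-insensitively
PARAM = "TM_Block_URL"          # parameter named on this page
MAX_LEN = 256                   # ASSUMPTION: tunable threshold, not a value from the advisory


def inspect_request(raw: bytes, max_len: int = MAX_LEN):
    """Return a finding dict for a suspicious request, or None if it looks benign."""
    head, _, body = raw.partition(b"\r\n\r\n")
    try:
        method, target, _version = head.split(b"\r\n")[0].decode("latin-1").split(" ", 2)
    except ValueError:
        return None  # no parseable request line
    if method.upper() != "POST":
        return None
    path = urlsplit(target).path  # also handles absolute-form request targets
    if not path.lower().endswith(TARGET_PATH):
        return None
    # Percent-decode first so the measured length is what the CGI would receive;
    # latin-1 keeps one character per byte, so len() is a byte count.
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True, encoding="latin-1")
    longest = max((len(v) for k, v in fields if k == PARAM), default=None)
    if longest is None or longest <= max_len:
        return None
    return {"path": path, "param": PARAM, "decoded_len": longest, "limit": max_len}


def build_request(path: str, body: str, method: str = "POST") -> bytes:
    """Build a constructed sample request (hypothetical helper, RFC 5737 test address)."""
    return (f"{method} {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed samples: filler bytes only, no exploit content.
SAMPLES = {
    "normal": build_request("/tmUnblock.cgi", "TM_Block_URL=http%3A%2F%2Fexample.com%2F"),
    "oversized": build_request("/tmUnblock.cgi", "TM_Block_URL=" + "A" * 600),
    "encoded": build_request("/tmUnblock.cgi", "TM_Block_URL=" + "%41" * 300),
    "other_endpoint": build_request("/index.html", "TM_Block_URL=" + "A" * 600),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw))
```

Because the password reset is temporary, a check like this is most useful inline or on near-real-time capture rather than in a later batch review.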