CVE-2014-125122
Published 2025-07-31
Priority: P338, medium, 5.3 (CVSS 4.0)
CVSS vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 0.73% (49.5th percentile)
A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request with an overly long TM_Block_URL parameter to the endpoint. By exploiting this flaw, an unauthenticated remote attacker can overwrite memory in a controlled manner, enabling them to temporarily reset the administrator password of the device to a blank value. This grants unauthorized access to the router’s web management interface without requiring valid credentials.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linksys | wrt120n | — | — |
Detection & IOCs
URL: https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb
- Monitor for HTTP POST requests targeting the /tmUnblock.cgi endpoint on Linksys WRT120N devices, especially those with an abnormally long TM_Block_URL parameter value indicative of a buffer overflow attempt.
- A public Metasploit auxiliary module (linksys_tmunblock_admin_reset_bof.rb) exists for this vulnerability; correlate IDS/IPS alerts with known Metasploit HTTP patterns against /tmUnblock.cgi.
- Exploitation has only been confirmed on firmware version 1.0.07 of the Linksys WRT120N; detection and impact may differ on other firmware versions.
- The password reset effect is temporary; defenders should note that the admin password is only blanked for a short window, making forensic detection time-sensitive.
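A sketch of the first monitoring point above, added here as an example (not code from the Metasploit module or any cited source): it flags POST requests to /tmUnblock.cgi whose decoded TM_Block_URL value exceeds a length threshold. The 256-character threshold, the function names and the sample requests are assumptions constructed for illustration.

```python
from typing import Optional
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/tmUnblock.cgi"   # endpoint named in the advisory
PARAM = "TM_Block_URL"           # parameter named in the advisory
MAX_PARAM_LEN = 256              # ASSUMPTION: not from the advisory; tune to your baseline


def inspect_request(raw: bytes) -> Optional[dict]:
    """Return a finding for a suspicious raw HTTP request, or None if benign."""
    head, _, body = raw.partition(b"\r\n\r\n")
    try:
        method, target, _version = head.decode("latin-1").split("\r\n")[0].split(" ", 2)
    except ValueError:
        return None  # request line could not be parsed
    if method.upper() != "POST" or urlsplit(target).path.lower() != TARGET_PATH.lower():
        return None
    # Measure the decoded value so percent-encoding cannot disguise the real length.
    form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    longest = max((len(v) for v in form.get(PARAM, [])), default=0)
    if longest <= MAX_PARAM_LEN:
        return None
    return {"path": TARGET_PATH, "param": PARAM, "length": longest}


def build_request(method: str, target: str, body: str) -> bytes:
    """Build constructed sample traffic (192.0.2.1 is a documentation address)."""
    head = (f"{method} {target} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return (head + body).encode("latin-1")


# Constructed samples: filler values only, /other.cgi is a hypothetical path.
SAMPLES = {
    "benign_post": build_request("POST", "/tmUnblock.cgi", "TM_Block_URL=http%3A%2F%2Fexample.com%2F"),
    "long_value": build_request("POST", "/tmUnblock.cgi", "TM_Block_URL=" + "A" * 600),
    "encoded_long": build_request("POST", "/tmUnblock.cgi?x=1", "TM_Block_URL=" + "%41" * 300),
    "get_probe": build_request("GET", "/tmUnblock.cgi", ""),
    "other_cgi": build_request("POST", "/other.cgi", "TM_Block_URL=" + "A" * 600),
}


def scan(samples: dict) -> dict:
    """Map sample name to finding for every request that trips the check."""
    return {name: f for name, raw in samples.items() if (f := inspect_request(raw))}


if __name__ == "__main__":
    for name, finding in scan(SAMPLES).items():
        print(name, finding)
```

Because the password is only blanked for a short window, a check like this belongs on live traffic or near-real-time proxy logs rather than in a periodic batch review.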
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/admin/http/linksys_tmunblock_admin_reset_bof.rb
- https://web.archive.org/web/20210424073058/http://www.devttys0.com/2014/02/wrt120n-fprintf-stack-overflow/
- https://www.exploit-db.com/exploits/31758
- https://www.vulncheck.com/advisories/linksys-wrt120n-stack-based-buffer-overflow-admin-password-reset