E1200 Firmware
CVE-2025-60690
HIGH
Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.
AnalysisAI
A stack-based buffer overflow vulnerability exists in the Linksys E1200 v2 router firmware that allows remote attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability occurs in the httpd binary's get_merge_ipaddr function, which improperly concatenates user-supplied CGI parameters into a fixed-size buffer without bounds checking. With publicly available proof-of-concept exploits and an EPSS score of 0.57% (68th percentile), this represents a moderate exploitation risk for affected devices.
Technical ContextAI
The vulnerability affects Linksys E1200 v2 routers running firmware version 2.0.11.001 (CPE: cpe:2.3:o:linksys:e1200_firmware:2.0.11.001:*:*:*:*:*:*:*). This is a classic stack-based buffer overflow (CWE-121) where the get_merge_ipaddr function in the httpd binary concatenates up to four user-supplied CGI parameters matching the pattern <parameter>_0 through <parameter>_3 into a fixed-size buffer without performing proper bounds checking. The httpd binary handles web interface requests on the router, making this vulnerability accessible via standard HTTP requests to the device's management interface.
RemediationAI
No official patch is currently available from Linksys for this vulnerability. As an immediate mitigation, restrict access to the router's web interface by implementing strict network segmentation and access control lists that limit connections to trusted IP addresses only. Consider replacing affected E1200 v2 routers with newer models that receive regular security updates, as the E1200 v2 appears to be end-of-life. If replacement is not immediately possible, disable remote management features and ensure the router is only accessible from the internal network. Monitor the Linksys security page for any future updates, though given the age of this model, a patch is unlikely.
More in E1200 Firmware
View allLinksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. Rated critical severity (CVSS 9.8), thi
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version
A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.
A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 route
A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmwa
An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version
A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firm
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200
Same weakness CWE-121 – Stack-based Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today