CVE-2025-60690

HIGH
2025-11-13 [email protected]
8.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 17, 2026 - 20:45 vuln.today
PoC Detected
Mar 17, 2026 - 16:16 vuln.today
Public exploit code
CVE Published
Nov 13, 2025 - 17:15 nvd
HIGH 8.8

Tags

Linksys RCE Denial Of Service Buffer Overflow E1200 Firmware

Description

A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.

Analysis

A stack-based buffer overflow vulnerability exists in the Linksys E1200 v2 router firmware that allows remote attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability occurs in the httpd binary's get_merge_ipaddr function, which improperly concatenates user-supplied CGI parameters into a fixed-size buffer without bounds checking. With publicly available proof-of-concept exploits and an EPSS score of 0.57% (68th percentile), this represents a moderate exploitation risk for affected devices.

Technical Context

The vulnerability affects Linksys E1200 v2 routers running firmware version 2.0.11.001 (CPE: cpe:2.3:o:linksys:e1200_firmware:2.0.11.001:*:*:*:*:*:*:*). This is a classic stack-based buffer overflow (CWE-121) where the get_merge_ipaddr function in the httpd binary concatenates up to four user-supplied CGI parameters matching the pattern <parameter>_0 through <parameter>_3 into a fixed-size buffer without performing proper bounds checking. The httpd binary handles web interface requests on the router, making this vulnerability accessible via standard HTTP requests to the device's management interface.

Affected Products

Linksys E1200 v2 routers running firmware version 2.0.11.001 are affected by this vulnerability, as confirmed by the CPE identifier cpe:2.3:o:linksys:e1200_firmware:2.0.11.001:*:*:*:*:*:*:*. The vulnerability specifically targets the US firmware build (E1200_v2.0.11.001_us.tar.gz). For vendor information and potential security advisories, refer to the Linksys website at https://www.linksys.com/ and http://linksys.com, though no official advisory appears to be available at this time.

Remediation

No official patch is currently available from Linksys for this vulnerability. As an immediate mitigation, restrict access to the router's web interface by implementing strict network segmentation and access control lists that limit connections to trusted IP addresses only. Consider replacing affected E1200 v2 routers with newer models that receive regular security updates, as the E1200 v2 appears to be end-of-life. If replacement is not immediately possible, disable remote management features and ensure the router is only accessible from the internal network. Monitor the Linksys security page for any future updates, though given the age of this model, a patch is unlikely.

Priority Score

65
Low Medium High Critical
KEV: 0
EPSS: +0.6
CVSS: +44
POC: +20

Share

CVE-2025-60690 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy