| Metric | Value |
|---|---|
| CVEs | 9 |
| Critical | 0 |
| High | 6 |
| KEV | 0 |
| PoC | 9 |
| Unpatched C/H | 6 |
| Patch Rate | 0.0% |
| Avg EPSS | 1.1% |

Severity Breakdown

| Severity | Count |
|---|---|
| CRITICAL | 0 |
| HIGH | 6 |
| MEDIUM | 3 |
| LOW | 0 |

Affected Products (16)

| Product | Count |
|---|---|
| Re7000 Firmware | 44 |
| Re6300 Firmware | 43 |
| Re6250 Firmware | 43 |
| Re6350 Firmware | 43 |
| Re9000 Firmware | 43 |
| Re6500 Firmware | 42 |
| Command Injection | 34 |
| E5600 Firmware | 12 |
| E8450 Firmware | 10 |
| E7350 Firmware | 8 |
| E1200 Firmware | 6 |
| Stack Overflow | 6 |
| E1700 Firmware | 4 |
| Fgw3000 Ah Firmware | 2 |
| Fgw3000 Hk Firmware | 2 |
| Wap610N Firmware | 1 |

Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-60690 | A stack-based buffer overflow vulnerability exists in the Linksys E1200 v2 router firmware that allows remote attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability occurs in the httpd binary's get_merge_ipaddr function, which improperly concatenates user-supplied CGI parameters into a fixed-size buffer without bounds checking. With publicly available proof-of-concept exploits and an EPSS score of 0.57% (68th percentile), this represents a moderate exploitation risk for affected devices. | HIGH | 8.8 | 0.6% | 65 | PoC, No patch |
| CVE-2026-4558 | Unauthenticated attackers can inject arbitrary operating system commands through manipulated parameters in the SmartConnect configuration function of Linksys MR9600 firmware version 2.0.6.206937, achieving remote code execution with high privileges. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The attack requires only network access and low complexity, making it immediately exploitable in affected deployments. | HIGH | 8.8 | 0.2% | 64 | PoC, No patch |
| CVE-2025-60689 | An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated medium severity (CVSS 5.4), this vulnerability requires no authentication and has low attack complexity. Public exploit code is available and no vendor patch is available. | MEDIUM | 5.4 | 0.2% | – | PoC, No patch |
| CVE-2025-60691 | A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.8), this vulnerability requires no authentication and has low attack complexity. Public exploit code is available and no vendor patch is available. | HIGH | 8.8 | 0.8% | – | PoC, No patch |
| CVE-2025-60692 | A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. Public exploit code is available and no vendor patch is available. | HIGH | 8.4 | 0.0% | – | PoC, No patch |
| CVE-2025-60694 | A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code is available and no vendor patch is available. | HIGH | 7.5 | 5.1% | – | PoC, No patch |
| CVE-2025-60695 | A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). Rated medium severity (CVSS 5.9), this vulnerability requires no authentication and has low attack complexity. Public exploit code is available and no vendor patch is available. | MEDIUM | 5.9 | 0.0% | – | PoC, No patch |
| CVE-2025-60696 | A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. Public exploit code is available and no vendor patch is available. | HIGH | 8.4 | 0.0% | – | PoC, No patch |
| CVE-2025-60693 | A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code is available and no vendor patch is available. | MEDIUM | 6.5 | 2.8% | – | PoC, No patch |