62
CVEs
1
Critical
44
High
0
KEV
59
PoC
45
Unpatched C/H
0.0%
Patch Rate
1.9%
Avg EPSS
Severity Breakdown
CRITICAL
1
HIGH
44
MEDIUM
5
LOW
12
Monthly CVE Trend
Affected Products (30)
Re6500 Firmware
36
Re7000 Firmware
35
Re6300 Firmware
34
Re6250 Firmware
33
Re6350 Firmware
33
Re9000 Firmware
33
E5600 Firmware
14
E1200 Firmware
10
E8450 Firmware
10
E7350 Firmware
8
E1700 Firmware
5
E2500 Firmware
5
Ea6500 Firmware
5
Ea6500
5
Wrt54Gl Firmware
4
E2000 Firmware
3
Ea4500 Firmware
3
Ea6400
2
Ea6700 Firmware
2
Ea6700
2
Ea2700 Firmware
2
Ea6400 Firmware
2
Ea6900
2
Wrt1900Acs Firmware
2
Ea3500 Firmware
2
Ea3500
2
Ea4500
2
Ea6300 Firmware
2
Ea6200
2
E4200V2 Firmware
2
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2013-10058 | An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.6%. | HIGH | 8.6 | 46.6% | 125 |
PoC
No patch
|
| CVE-2013-10062 | A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 42.7%. | MEDIUM | 6.9 | 42.7% | 97 |
PoC
No patch
|
| CVE-2025-60691 | A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.8 | 0.8% | 65 |
PoC
No patch
|
| CVE-2025-60690 | A stack-based buffer overflow vulnerability exists in the Linksys E1200 v2 router firmware that allows remote attackers to execute arbitrary code or cause denial of service without authentication. The vulnerability occurs in the httpd binary's get_merge_ipaddr function, which improperly concatenates user-supplied CGI parameters into a fixed-size buffer without bounds checking. With publicly available proof-of-concept exploits and an EPSS score of 0.57% (68th percentile), this represents a moderate exploitation risk for affected devices. | HIGH | 8.8 | 0.6% | 65 |
PoC
No patch
|
| CVE-2025-60694 | A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 5.1% | 63 |
PoC
No patch
|
| CVE-2025-60692 | A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.4 | 0.0% | 62 |
PoC
No patch
|
| CVE-2025-60696 | A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.4 | 0.0% | 62 |
PoC
No patch
|
| CVE-2026-4558 | OS command injection in Linksys MR9600 mesh router firmware 2.0.6.206937 allows authenticated remote attackers to execute arbitrary system commands with router privileges via crafted Smart Connect configuration parameters. The vulnerability exists in the SmartConnect.lua file's smartConnectConfigure function, which fails to sanitize user input in configApSsid, configApPassphrase, srpLogin, and srpPassword arguments before passing them to system commands. Publicly available exploit code exists (GitHub POC), but EPSS indicates low (0.15%) exploitation probability and CISA has not listed this in KEV, suggesting limited real-world targeting. Vendor (Linksys) did not respond to researcher disclosure. | HIGH | 7.4 | 0.2% | 57 |
PoC
No patch
|
| CVE-2025-60693 | A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 6.5 | 2.8% | 55 |
PoC
No patch
|
| CVE-2025-44654 | Improper access control in the Linksys E2500 wireless router (firmware 3.0.04.002) stems from its bundled vsftpd FTP service, where the reporter flags the chroot_local_user setting as enabling unauthorized reach into system files, privilege escalation, or lateral pivoting into the internal network. The E2500 is a discontinued consumer/SOHO router, and no public exploit identified at time of analysis; EPSS estimates only a 1.08% exploitation probability (61st percentile). Notably, the single reference is a third-party GitHub gist rather than a vendor advisory, and the technical claim is internally inconsistent (see risk assessment). | CRITICAL | 9.8 | 1.1% | 50 |
No patch
|
| CVE-2025-60695 | A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 5.9 | 0.0% | 50 |
PoC
No patch
|
| CVE-2025-60689 | An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | MEDIUM | 5.4 | 0.2% | 47 |
PoC
No patch
|
| CVE-2026-6992 | OS command injection in Linksys MR9600 router firmware 2.0.6.206937 allows authenticated administrators to execute arbitrary system commands via crafted 'pin' parameter to the BTRequestGetSmartConnectStatus JNAP action handler. Publicly available exploit code exists (CVSS E:P), enabling remote compromise of router with full system-level access. Vendor notified but unresponsive, leaving users without confirmed patch. EPSS data not available; CVSS 7.3 severity reflects high impact limited by high privilege requirement (PR:H). | HIGH | 7.3 | 0.1% | 37 |
No patch
|
| CVE-2025-8818 | A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | LOW | 2.1 | 0.4% | 31 |
PoC
No patch
|
| CVE-2025-8821 | A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | LOW | 2.1 | 0.4% | 31 |
PoC
No patch
|