CVE-2025-60690

HIGH

Linksys E1200 v2 Firmware - Unauthenticated Stack-based Buffer Overflow via HTTP CGI Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-60690. PoCs published by jarrett.

AI-analyzed exploit summary This exploit demonstrates an authenticated stack buffer overflow in Linksys E1200 routers (FW <= v2.0.04) via a crafted HTTP POST request to /apply.cgi, leading to remote code execution (RCE). The payload includes a reverse shell setup using a FIFO pipe and telnet.

Description

A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.

Exploits (1)

exploitdb WORKING POC

by jarrett · pythonhardwaremultiple

https://www.exploit-db.com/exploits/52548

View Code ZIP pw:eip

This exploit demonstrates an authenticated stack buffer overflow in Linksys E1200 routers (FW <= v2.0.04) via a crafted HTTP POST request to /apply.cgi, leading to remote code execution (RCE). The payload includes a reverse shell setup using a FIFO pipe and telnet.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Linksys E1200 v2.0.04 and earlier

Auth required

Prerequisites: Authenticated access to the router's web interface · Direct LAN connection to the target

MITRE ATT&CK