CVE-2025-60693

MEDIUM

Linksys E1200 v2 - Buffer Overflow

Title source: llm

Description

A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to six user-supplied CGI parameters matching <parameter>_0~5 into a fixed-size buffer (a2) without proper bounds checking, appending colon delimiters during concatenation. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.

References (3)

Scores

CVSS v3 6.5
EPSS 0.0172
EPSS Percentile 82.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Classification

CWE
CWE-121
Status published

Affected Products (1)

linksys/e1200_firmware

Timeline

Published Nov 13, 2025
Tracked Since Feb 18, 2026