CVE-2025-60689

Name of the Vulnerable Software and Affected Versions Linksys E1200 v2 routers version prior to 2.0.11.001 us

Description A command injection issue exists in the Start EPI function of the httpd binary. The issue is due to insufficient input validation of CGI parameters (wl ant, wl ssid, wl rate, ttcp num, ttcp ip, ttcp size) before they are used to construct and execute system commands via the wl exec cmd function. This allows a remote attacker to execute arbitrary commands on the device without authentication.

Recommendations Update to a version newer than 2.0.11.001 us.