CVE-2025-60690

Name of the Vulnerable Software and Affected Versions Linksys E1200 v2 routers versions prior to 2.0.11.001 us

Description A flaw exists in the get merge ipaddr function within the httpd binary. This function does not properly validate the length of data when combining user-supplied CGI parameters (parameter 0 through parameter 3) into a buffer (a2). An attacker can leverage this to trigger a stack-based buffer overflow by sending crafted HTTP requests. Successful exploitation could lead to arbitrary code execution or a denial-of-service condition, and does not require authentication.

Recommendations Update to a newer version than 2.0.11.001 us.