CVE-2025-60691

Name of the Vulnerable Software and Affected Versions Linksys E1200 v2 routers versions prior to v2.0.11.001 us

Description A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers. The apply cgi and block cgi functions copy user-supplied input from the url CGI parameter into stack buffers using sprintf without sufficient bounds checking. Because these buffers are small, any input will trigger a buffer overflow. Remote attackers can exploit this by sending crafted HTTP requests to execute arbitrary code or cause a denial of service without authentication. The vulnerable parameters are url.

Recommendations Update to a version later than v2.0.11.001 us.