CVE-2025-60692

Name of the Vulnerable Software and Affected Versions Cisco Linksys E1200 v2 routers version E1200 v2.0.11.001 us.tar.gz

Description A stack-based buffer overflow issue exists in the libshared.so library of Cisco Linksys E1200 v2 routers. The get mac from ip() and get ip from mac() functions utilize the sscanf() function with an overly permissive format specifier ("%100s") when parsing entries from /proc/net/arp into fixed-size buffers. This allows a local attacker who controls the contents of /proc/net/arp to cause a stack buffer overflow, potentially leading to memory corruption, denial of service, or arbitrary code execution. The vulnerable functions do not validate input length against the fixed-size stack buffer.

Recommendations Update to a newer firmware version that addresses this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.