CVE-2025-60694

Name of the Vulnerable Software and Affected Versions Linksys E1200 v2 router firmware versions prior to 2.0.11.001 us

Description A flaw exists in the validate static route function of the httpd binary. This function does not properly check the size of data when combining CGI parameters – route ipaddr 0~3, route netmask 0~3, and route gateway 0~3 – into buffers (v6, v10, v14). An attacker can leverage this to cause a stack-based buffer overflow by sending specially crafted HTTP requests. Successful exploitation could allow for arbitrary code execution or a denial-of-service condition, and does not require authentication.

Recommendations Update the firmware to a version later than 2.0.11.001 us.