PT-2025-46869 · Linksys · Linksys E7350 Router

Published: 2025-10-09 · Updated: 2025-11-13 · CVE-2025-60695

CVSS v3.1: 5.9 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Linksys E7350 Router version 1.1.00.032

Description

A stack-based buffer overflow exists in the mtk_dut binary. The sub_4045A8 function reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and copies it into a caller-provided buffer a1 using strcpy without boundary checks. The a1 buffer is often allocated with smaller sizes (20-32 bytes), allowing attackers controlling the contents of /sys/class/net/%s/address to trigger buffer overflows. This can lead to memory corruption, denial of service, or potential arbitrary code execution.

Recommendations

Update Linksys E7350 Router firmware to a version newer than 1.1.00.032.
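
The pattern the description names, a 256-byte read copied with strcpy into a 20-32 byte caller buffer, is avoided when the callee is given the destination size and validates the content before copying. The C code below is an added example, not code from the firmware or the vendor; `read_mac_checked`, `demo` and the sample inputs are hypothetical names and constructed data.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAC_STR_LEN 17 /* "xx:xx:xx:xx:xx:xx" as sysfs prints it */

/* Hypothetical hardened reader (assumed name, not the firmware's code).
 * Returns 0 on success, -1 on I/O or argument error, -2 when the content
 * is not a MAC string or does not fit in out[out_len]. */
int read_mac_checked(FILE *fp, char *out, size_t out_len)
{
    char line[256]; /* same read size the description gives */
    size_t n, i;
    if (fp == NULL || out == NULL || out_len == 0)
        return -1;
    out[0] = '\0';
    if (fgets(line, sizeof line, fp) == NULL)
        return -1;
    line[strcspn(line, "\r\n")] = '\0';
    n = strlen(line);
    /* The unchecked pattern would strcpy(out, line) here; check first. */
    if (n != MAC_STR_LEN || n + 1 > out_len)
        return -2;
    for (i = 0; i < n; i++)
        if (i % 3 == 2 ? line[i] != ':' : !isxdigit((unsigned char)line[i]))
            return -2;
    memcpy(out, line, n + 1); /* bounded: n + 1 <= out_len */
    return 0;
}

/* Runs constructed file content through the reader with a caller buffer
 * of caller_len bytes (at most 64) and returns the reader's status. */
int demo(const char *content, size_t caller_len)
{
    char buf[64];
    FILE *fp;
    int rc;
    if (caller_len > sizeof buf || (fp = tmpfile()) == NULL)
        return -1;
    fputs(content, fp);
    rewind(fp);
    rc = read_mac_checked(fp, buf, caller_len);
    fclose(fp);
    return rc;
}

int main(void)
{
    printf("%d\n", demo("00:11:22:33:44:55\n", 20)); /* constructed input */
    return 0;
}
```

Passing the destination size into the reader means a caller with a 20-byte buffer and one with a 32-byte buffer get the same guarantee, and rejecting anything that is not a 17-character MAC string keeps oversized file content from reaching the copy at all.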

Exploit

Fix

DoS

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-14914
CVE-2025-60695

Affected Products

Linksys E7350 Router