PT-2025-46880 · Linksys · Linksys E1200 V2

Published: 2025-10-09 · Updated: 2025-11-13 · CVE-2025-60693

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Linksys E1200 v2 routers version E1200 v2.0.11.001 us.tar.gz

Description

A stack-based buffer overflow exists in the get merge mac function of the httpd binary. The function concatenates up to six user-supplied CGI parameters matching parameter 0 through parameter 5 into a fixed-size buffer (a2) without proper bounds checking, appending colon delimiters during concatenation. Remote attackers can exploit this issue via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.

Recommendations

Update to a newer firmware version that addresses this vulnerability. As a temporary workaround, restrict access to the affected CGI parameters (parameter 0 through parameter 5) to minimize the risk of exploitation.
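
The missing check described above, shown as an added example (it is not Linksys firmware code and does not come from the advisory): a colon-delimited join of up to six request values that verifies the remaining space before every copy and rejects the request instead of writing past the buffer. The function name join_params_bounded, the MAC_PARTS constant and the buffer sizes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAC_PARTS 6   /* the advisory's "parameter 0 through parameter 5" */

/*
 * Join up to MAC_PARTS request values into out as "a:b:c:...".
 * Returns the length written, or -1 if an input is missing or the result
 * (delimiters and terminating NUL included) would not fit in out.
 * On failure out is left as an empty string, so a caller never sees a
 * partially merged value.
 */
int join_params_bounded(const char *const parts[], size_t nparts,
                        char *out, size_t outsz)
{
    size_t used = 0;   /* bytes written so far, always < outsz */

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (parts == NULL || nparts > MAC_PARTS)
        return -1;

    for (size_t i = 0; i < nparts; i++) {
        if (parts[i] == NULL)
            goto fail;
        size_t len = strlen(parts[i]);   /* attacker-controlled length */
        size_t sep = (i > 0) ? 1 : 0;    /* one ':' before parts 1..5 */
        /* Space check before any write, ordered so it cannot wrap. */
        if (len > outsz - used - 1 || sep > outsz - used - 1 - len)
            goto fail;
        if (sep)
            out[used++] = ':';
        memcpy(out + used, parts[i], len);
        used += len;
        out[used] = '\0';
    }
    return (int)used;

fail:
    out[0] = '\0';
    return -1;
}
```

A caller should treat -1 as a rejected request (for example an HTTP 400) rather than continuing with a truncated value.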

Exploit

Fix

DoS

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-14912
CVE-2025-60693

Affected Products

Linksys E1200 V2