Cybersecurity Vulnerabilities

Critical Vulnerability Alert: CVE-2025-60694 Exposes Linksys E1200 v2 Routers

November 14, 2025 - By 

Overview

A high-severity vulnerability, identified as CVE-2025-60694, has been discovered in Linksys E1200 v2 routers running firmware version E1200_v2.0.11.001_us.tar.gz. This vulnerability is a stack-based buffer overflow that can be exploited by remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition. The flaw resides in the validate_static_route function within the httpd binary, allowing attackers to compromise the router without authentication.

Technical Details

The vulnerability stems from improper handling of user-supplied CGI parameters. Specifically, the validate_static_route function concatenates the values of route_ipaddr_0~3, route_netmask_0~3, and route_gateway_0~3 into fixed-size buffers (v6, v10, and v14) without sufficient bounds checking. An attacker can craft HTTP requests with overly long values for these parameters, causing the buffers to overflow. This overflow overwrites adjacent memory on the stack, potentially allowing the attacker to inject and execute malicious code or disrupt the router’s operation.

CVSS Analysis

This vulnerability has been assigned a CVSS score of 7.5, indicating a high severity. The CVSS vector reflects the following characteristics:

  • Attack Vector: Network (AV:N)
  • Attack Complexity: Low (AC:L)
  • Privileges Required: None (PR:N)
  • User Interaction: None (UI:N)
  • Scope: Unchanged (S:U)
  • Confidentiality Impact: High (C:H)
  • Integrity Impact: High (I:H)
  • Availability Impact: High (A:H)

Possible Impact

Successful exploitation of CVE-2025-60694 can have severe consequences:

  • Remote Code Execution (RCE): Attackers can execute arbitrary code on the router, potentially gaining complete control of the device.
  • Denial of Service (DoS): Overflowing the buffers can cause the router to crash, leading to a denial of service and disrupting network connectivity.
  • Network Compromise: A compromised router can be used as a pivot point to attack other devices on the network or intercept network traffic.

Mitigation and Patch Steps

To mitigate the risk posed by CVE-2025-60694, users of Linksys E1200 v2 routers are strongly advised to take the following actions:

  1. Check Firmware Version: Verify that your router is running firmware version E1200_v2.0.11.001_us.tar.gz. If so, proceed to the next steps.
  2. Apply the Patch (If Available): Visit the Linksys official website to check for updated firmware that addresses this vulnerability. Apply the update immediately. Keep checking back even if an update isn’t immediately available.
  3. Disable Remote Management: If possible, disable remote management of the router to reduce the attack surface.
  4. Strong Passwords: Ensure that you are using strong, unique passwords for your router’s administration interface.
  5. Monitor Network Traffic: Monitor your network for suspicious activity that may indicate an attempted exploitation.
  6. Consider Replacement: If a patch is not available or feasible, consider replacing the vulnerable router with a more secure model.

References

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *