Overview

A critical security vulnerability, identified as CVE-2025-60693, has been discovered in Linksys E1200 v2 routers running firmware version E1200_v2.0.11.001_us.tar.gz. This vulnerability is a stack-based buffer overflow that exists within the get_merge_mac function of the httpd binary. Successful exploitation allows unauthenticated remote attackers to execute arbitrary code or cause a denial of service (DoS).

Technical Details

The vulnerability stems from insufficient bounds checking in the get_merge_mac function. This function concatenates user-supplied CGI parameters of the form <parameter>_0 through <parameter>_5 into a fixed-size buffer. During the concatenation process, colon delimiters are appended between the parameter values. Due to the lack of…
-
Overview

CVE-2025-60671 is a command injection vulnerability affecting the D-Link DIR-823G router, specifically the firmware version DIR823G_V1.0.2B05_20181207.bin. This flaw allows an attacker with write access to the /var/system/linux_vlan_reinit file to execute arbitrary commands on the device. This poses a significant security risk, potentially allowing attackers to gain full control of the router.

Technical Details

The vulnerability resides in the timelycheck and sysconf binaries within the D-Link DIR-823G router’s firmware. These binaries process the /var/system/linux_vlan_reinit file. The core issue is insufficient validation of the content read from this file. While the code performs a prefix check, it’s inadequate to prevent command…
-
Overview

CVE-2025-59480 is a medium-severity security vulnerability affecting Mattermost Mobile Apps versions 2.32.0 and earlier. This vulnerability arises from a failure to properly verify the origin of Single Sign-On (SSO) redirect tokens. A malicious Mattermost instance or an on-path attacker could exploit this flaw to obtain user session credentials by crafting malicious token-in-URL responses. This could lead to unauthorized access to user accounts and sensitive data.

Technical Details

The vulnerability stems from the Mattermost Mobile App’s insufficient validation of the SSO redirect URL. When a user authenticates with Mattermost through SSO, the application receives a token in a redirect URL.…
-
Overview

CVE-2025-13122 details a significant SQL injection vulnerability found in SourceCodester’s Patients Waiting Area Queue Management System version 1.0. This flaw allows unauthenticated remote attackers to execute arbitrary SQL commands by manipulating the appointmentID parameter in the getPatientAppointment function of the /php/api_patient_checkin.php file. With the exploit now publicly available, systems running this vulnerable software are at high risk of compromise.

Technical Details

The vulnerability stems from insufficient input validation within the getPatientAppointment function. Specifically, the appointmentID parameter, which is used to retrieve appointment information from the database, is not properly sanitized. An attacker can inject malicious SQL code into this…
-
Overview

CVE-2025-12785 describes a potential information disclosure vulnerability affecting certain HP LaserJet Pro printers. This vulnerability could allow an attacker to expose credentials by altering the scan/send destination address and/or modifying the LDAP Server configuration. The vulnerability was published on 2025-11-13. While the CVE is currently unrated with a CVSS score of N/A, it’s crucial to understand the potential impact and take appropriate mitigation steps.

Technical Details

The vulnerability stems from insufficient input validation or authorization controls within the printer’s scan/send functionality and LDAP configuration settings. An attacker with unauthorized access to the printer’s web interface or control panel…
-
Overview

CVE-2025-12784 describes a potential information disclosure vulnerability affecting certain HP LaserJet Pro printers. This vulnerability could allow an attacker to gain access to sensitive information, potentially including credentials, by manipulating scan/send destination addresses and/or modifying the LDAP server configuration.

Technical Details

The vulnerability stems from insufficient validation and access controls related to the scan/send functionality and LDAP server configuration within the affected HP LaserJet Pro printers. Specifically, an attacker could potentially: Alter Scan/Send Destination Address: Redirect scanned documents to an unauthorized recipient. Modify LDAP Server Settings: Compromise the LDAP server settings potentially leading to unauthorized access or information disclosure…
-
Overview

CVE-2025-11777 is a low-severity information disclosure vulnerability affecting specific versions of Mattermost. This vulnerability allows users from one team to potentially access user metadata and channel membership information from other teams through the Add Channel Member API due to improper team membership permission validation.

Technical Details

The vulnerability resides in the Add Channel Member API endpoint within Mattermost. Versions 10.11.x (
-
Overview

CVE-2025-60695 is a medium-severity stack-based buffer overflow vulnerability discovered in the mtk_dut binary of Linksys E7350 routers running firmware version 1.1.00.032. This vulnerability allows local attackers to potentially cause a denial of service, memory corruption, or even achieve arbitrary code execution by exploiting a flaw in how the router handles network interface addresses.

Technical Details

The vulnerability lies within the sub_4045A8 function of the mtk_dut binary. This function reads the MAC address of a network interface from the /sys/class/net/%s/address file, where %s represents the network interface name (e.g., eth0, wlan0). The function reads up to 256 bytes of data…
-
Overview

A high-severity vulnerability, identified as CVE-2025-60694, has been discovered in Linksys E1200 v2 routers running firmware version E1200_v2.0.11.001_us.tar.gz. This vulnerability is a stack-based buffer overflow that can be exploited by remote attackers to execute arbitrary code or cause a denial-of-service (DoS) condition. The flaw resides in the validate_static_route function within the httpd binary, allowing attackers to compromise the router without authentication.

Technical Details

The vulnerability stems from improper handling of user-supplied CGI parameters. Specifically, the validate_static_route function concatenates the values of route_ipaddr_0~3, route_netmask_0~3, and route_gateway_0~3 into fixed-size buffers (v6, v10, and v14) without sufficient bounds checking. An attacker can…
-
Overview

A critical security vulnerability, identified as CVE-2025-60691, has been discovered in Linksys E1200 v2 routers running firmware version E1200_v2.0.11.001_us.tar.gz. This vulnerability is a stack-based buffer overflow in the httpd binary, allowing unauthenticated remote attackers to potentially execute arbitrary code or cause a denial-of-service (DoS) condition. The vulnerability stems from insufficient input validation within the CGI handling, specifically in the apply_cgi and block_cgi functions.

Technical Details

The root cause of the vulnerability lies in the way the apply_cgi and block_cgi functions handle the “url” CGI parameter. These functions use sprintf to copy user-supplied input from the “url” parameter into stack…