CVE-2025-60693
Last modified
CVE-2025-60693 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to six user-supplied CGI parameters matching <parameter>_0~5 into a fixed-size buffer (a2) without proper bounds checking, appending colon delimiters during concatenation. EPSS estimates a 0.81% chance of exploitation in the next 30 days.
Description
A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to six user-supplied CGI parameters matching <parameter>_0~5 into a fixed-size buffer (a2) without proper bounds checking, appending colon delimiters during concatenation. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linksys | E1200 Firmware | 2.0.11.001 |
References
- http://linksys.comProduct
- https://github.com/yifan20020708/SGTaint-0-day/blob/main/Linksys/Linksys-E1200/CVE-2025-60693.mdExploit, Third Party Advisory
- https://www.linksys.com/Product
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-60693?
How severe is CVE-2025-60693?
How do I fix CVE-2025-60693?
Are you affected by CVE-2025-60693?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST