ID

VAR-202511-0383


CVE

CVE-2025-60694


TITLE

Stack-based buffer overflow vulnerability in Linksys E1200 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-019491

DESCRIPTION

A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function improperly concatenates user-supplied CGI parameters (route_ipaddr_0~3, route_netmask_0~3, route_gateway_0~3) into fixed-size buffers (v6, v10, v14) without proper bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.

Trust: 1.62

sources: NVD: CVE-2025-60694 // JVNDB: JVNDB-2025-019491

AFFECTED PRODUCTS

vendor: linksys, model: e1200, scope: eq, version: 2.0.11.001

Trust: 1.0

vendor: linksys, model: e1200, scope: eq, version: -

Trust: 0.8

vendor: linksys, model: e1200, scope: eq, version: e1200 firmware 2.0.11.001

Trust: 0.8

vendor: linksys, model: e1200, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-019491 // NVD: CVE-2025-60694

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-60694
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-019491
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-60694
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-019491
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-019491 // NVD: CVE-2025-60694

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype: Stack-based buffer overflow (CWE-121) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2025-019491 // NVD: CVE-2025-60694

EXTERNAL IDS

db: NVD, id: CVE-2025-60694

Trust: 2.6

db: JVNDB, id: JVNDB-2025-019491

Trust: 0.8

sources: JVNDB: JVNDB-2025-019491 // NVD: CVE-2025-60694

REFERENCES

url:http://linksys.com

Trust: 1.8

url:https://github.com/yifan20020708/sgtaint-0-day/blob/main/linksys/linksys-e1200/cve-2025-60694.md

Trust: 1.8

url:https://www.linksys.com/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-60694

Trust: 0.8

sources: JVNDB: JVNDB-2025-019491 // NVD: CVE-2025-60694

SOURCES

db: JVNDB, id: JVNDB-2025-019491
db: NVD, id: CVE-2025-60694

LAST UPDATE DATE

2025-11-22T23:19:08.073000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2025-019491, date: 2025-11-20T03:22:00
db: NVD, id: CVE-2025-60694, date: 2025-11-17T19:55:35.850

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2025-019491, date: 2025-11-20T00:00:00
db: NVD, id: CVE-2025-60694, date: 2025-11-13T17:15:49.373