ID
VAR-202511-0548
CVE
CVE-2025-60691
TITLE
Linksys of E1200 Stack-based buffer overflow vulnerability in firmware
Trust: 0.8
DESCRIPTION
A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The apply_cgi and block_cgi functions copy user-supplied input from the "url" CGI parameter into stack buffers (v36, v29) using sprintf without bounds checking. Because these buffers are allocated as single-byte variables, any non-empty input will trigger a buffer overflow. Remote attackers can exploit this vulnerability via crafted HTTP requests to execute arbitrary code or cause denial of service without authentication. (DoS) It may be in a state
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | linksys | model: | e1200 | scope: | eq | version: | 2.0.11.001 | Trust: 1.0 |
| vendor: | linksys | model: | e1200 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | linksys | model: | e1200 | scope: | eq | version: | e1200 firmware 2.0.11.001 | Trust: 0.8 |
| vendor: | linksys | model: | e1200 | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-121 | Trust: 1.0 |
| problemtype: | Stack-based buffer overflow (CWE-121) [ others ] | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-60691 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2025-019492 | Trust: 0.8 |
REFERENCES
| url: | http://linksys.com | Trust: 1.8 |
| url: | https://github.com/yifan20020708/sgtaint-0-day/blob/main/linksys/linksys-e1200/cve-2025-60691.md | Trust: 1.8 |
| url: | https://www.linksys.com/ | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-60691 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2025-019492 |
| db: | NVD | id: | CVE-2025-60691 |
LAST UPDATE DATE
2025-11-22T23:30:25.367000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2025-019492 | date: | 2025-11-20T03:22:00 |
| db: | NVD | id: | CVE-2025-60691 | date: | 2025-11-17T19:55:22.770 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2025-019492 | date: | 2025-11-20T00:00:00 |
| db: | NVD | id: | CVE-2025-60691 | date: | 2025-11-13T17:15:49.117 |