ID

VAR-202511-1192


CVE

CVE-2025-60695


TITLE

Linksys  of  E7350  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-019453

DESCRIPTION

A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary checks. Since a1 is often allocated with significantly smaller sizes (20-32 bytes), local attackers controlling the contents of /sys/class/net/%s/address can trigger buffer overflows, leading to memory corruption, denial of service, or potential arbitrary code execution. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-60695 // JVNDB: JVNDB-2025-019453

AFFECTED PRODUCTS

vendor:linksysmodel:e7350scope:eqversion:1.1.00.032

Trust: 1.0

vendor:linksysmodel:e7350scope:eqversion: -

Trust: 0.8

vendor:linksysmodel:e7350scope:eqversion:e7350 firmware 1.1.00.032

Trust: 0.8

vendor:linksysmodel:e7350scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2025-019453 // NVD: CVE-2025-60695

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-60695
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2025-019453
value: MEDIUM

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-60695
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.5
impactScore: 3.4
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-019453
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-019453 // NVD: CVE-2025-60695

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-019453 // NVD: CVE-2025-60695

EXTERNAL IDS

db:NVDid:CVE-2025-60695

Trust: 2.6

db:JVNDBid:JVNDB-2025-019453

Trust: 0.8

sources: JVNDB: JVNDB-2025-019453 // NVD: CVE-2025-60695

REFERENCES

url:https://github.com/yifan20020708/sgtaint-0-day/blob/main/linksys/linksys-e7350/cve-2025-60695.md

Trust: 1.8

url:https://www.linksys.com/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-60695

Trust: 0.8

url:http://linksys.com

Trust: 0.8

sources: JVNDB: JVNDB-2025-019453 // NVD: CVE-2025-60695

SOURCES

db:JVNDBid:JVNDB-2025-019453
db:NVDid:CVE-2025-60695

LAST UPDATE DATE

2026-07-05T23:49:13.896000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-019453date:2025-11-19T07:35:00
db:NVDid:CVE-2025-60695date:2026-07-05T02:17:13.947

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-019453date:2025-11-19T00:00:00
db:NVDid:CVE-2025-60695date:2025-11-13T17:15:49.503