Sign-up

ID

VAR-202511-1199


CVE

CVE-2025-60692


TITLE

Linksys  of  E1200  Stack-based buffer overflow vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-019454

DESCRIPTION

A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The functions get_mac_from_ip and get_ip_from_mac use sscanf with overly permissive "%100s" format specifiers to parse entries from /proc/net/arp into fixed-size buffers (v6: 50 bytes, v7 sub-arrays: 50 bytes). This allows local attackers controlling the contents of /proc/net/arp to overflow stack buffers, leading to memory corruption, denial of service, or potential arbitrary code execution. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-60692 // JVNDB: JVNDB-2025-019454

AFFECTED PRODUCTS

vendor:linksysmodel:e1200scope:eqversion:2.0.11.001

Trust: 1.0

vendor:linksysmodel:e1200scope: - version: -

Trust: 0.8

vendor:linksysmodel:e1200scope:eqversion: -

Trust: 0.8

vendor:linksysmodel:e1200scope:eqversion:e1200 firmware 2.0.11.001

Trust: 0.8

sources: JVNDB: JVNDB-2025-019454 // NVD: CVE-2025-60692

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-60692
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-019454
value: HIGH

Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-60692
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-019454
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2025-019454 // NVD: CVE-2025-60692

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-019454 // NVD: CVE-2025-60692

EXTERNAL IDS

db:NVDid:CVE-2025-60692

Trust: 2.6

db:JVNDBid:JVNDB-2025-019454

Trust: 0.8

sources: JVNDB: JVNDB-2025-019454 // NVD: CVE-2025-60692

REFERENCES

url:http://linksys.com

Trust: 1.8

url:https://github.com/yifan20020708/sgtaint-0-day/blob/main/linksys/linksys-e1200/cve-2025-60692.md

Trust: 1.8

url:https://www.linksys.com/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2025-60692

Trust: 0.8

sources: JVNDB: JVNDB-2025-019454 // NVD: CVE-2025-60692

SOURCES

db:JVNDBid:JVNDB-2025-019454
db:NVDid:CVE-2025-60692

LAST UPDATE DATE

2025-11-22T23:26:36.598000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2025-019454date:2025-11-19T07:35:00
db:NVDid:CVE-2025-60692date:2025-11-17T19:55:29.503

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2025-019454date:2025-11-19T00:00:00
db:NVDid:CVE-2025-60692date:2025-11-13T17:15:49.247