CVE-2025-60693

6.5 MEDIUM

📋 TL;DR

A stack-based buffer overflow vulnerability in Linksys E1200 v2 routers allows remote attackers to execute arbitrary code or cause denial of service without authentication. Attackers can exploit this by sending specially crafted HTTP requests that trigger improper bounds checking when concatenating CGI parameters. This affects all users of Linksys E1200 v2 routers running vulnerable firmware.

💻 Affected Systems

Products:
  • Linksys E1200 v2
Versions: Firmware E1200_v2.0.11.001_us.tar.gz and likely earlier versions
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: The httpd service runs by default on port 80. No authentication is required to exploit this vulnerability.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with root privileges leading to complete device compromise, network infiltration, and persistent backdoor installation.

🟠 Likely Case

Denial of service causing router crashes and network disruption, potentially requiring physical reset.

🟢 If Mitigated

Limited impact if device is behind firewall with restricted HTTP access or if vulnerable service is disabled.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept code is available on GitHub. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.linksys.com/

Restart Required: Yes

Instructions:

1. Check Linksys website for firmware updates.
2. Download latest firmware for E1200 v2.
3. Access router admin interface.
4. Navigate to firmware update section.
5. Upload and apply new firmware.
6. Wait for router to reboot.

🔧 Temporary Workarounds

Disable HTTP Management

all

Disable HTTP access to router management interface and use HTTPS only

Access router admin interface -> Administration -> Management -> Disable HTTP access

Restrict Access with Firewall

linux

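Block external access to the router's HTTP port (80) using a network firewall. On a Linux firewall that forwards traffic to the router, the rule goes in the FORWARD chain (an INPUT rule would only filter traffic addressed to the firewall itself); replace router-ip with the router's address:

iptables -A FORWARD -p tcp -d router-ip --dport 80 -j DROP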

🧯 If You Can't Patch

  • Replace router with supported model
  • Place router behind dedicated firewall with strict inbound rules

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router admin interface under Status -> Router Information

Check Version:

curl -s http://router-ip/status.cgi | grep Firmware

Verify Fix Applied:

Verify firmware version is newer than E1200_v2.0.11.001_us

📡 Detection & Monitoring

Log Indicators:

  • Multiple HTTP requests with CGI parameters whose names carry the suffixes _0 through _5
  • Router crash/reboot logs
  • Unusual HTTP request patterns to router IP

Network Indicators:

  • HTTP requests with unusually long parameter values
  • Multiple rapid HTTP requests to router port 80
  • Traffic patterns matching buffer overflow exploitation

SIEM Query:

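source="router.log" AND (http_request CONTAINS "_0" OR http_request CONTAINS "_1" OR http_request CONTAINS "_2" OR http_request CONTAINS "_3" OR http_request CONTAINS "_4" OR http_request CONTAINS "_5") AND http_request LENGTH > 100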
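
The log indicators above as a parser-based check (an added example, not from the advisory or the vendor): it sums the value lengths of parameters that share a base name and end in _0 through _5, since the flaw lies in concatenating them, and it avoids the substring false positives of a plain CONTAINS match. The log format, the /example.cgi path, the parameter names and the reuse of the query's 100-character threshold for the combined length are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names ending in _0 .. _5, the suffix pattern named in the log indicators.
SUFFIX_RE = re.compile(r"_[0-5]$")
# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
MAX_TOTAL_LEN = 100  # assumption: the SIEM query's threshold, applied to the combined length


def flag_line(line, max_len=MAX_TOTAL_LEN):
    """Return {base_name: combined_value_length} for oversized suffixed groups."""
    m = REQUEST_RE.search(line)
    if not m:
        return {}  # not an HTTP access-log entry
    totals = {}
    query = urlsplit(m.group("target")).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        sm = SUFFIX_RE.search(name)
        if sm:
            base = name[:sm.start()]  # "name_3" -> "name"
            totals[base] = totals.get(base, 0) + len(value)
    return {base: n for base, n in totals.items() if n > max_len}


def scan(lines, max_len=MAX_TOTAL_LEN):
    """Return [(source_ip, base_name, combined_length)] for every flagged request."""
    findings = []
    for line in lines:
        src = line.split(" ", 1)[0]
        for base, total in flag_line(line, max_len).items():
            findings.append((src, base, total))
    return findings


# Constructed sample log lines (hypothetical path and parameter names).
SAMPLE_LOG = [
    # Normal request: short suffixed values.
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /example.cgi?name_0=lan&name_1=guest HTTP/1.1" 200 512',
    # Each value is under the threshold, but the concatenation is not.
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /example.cgi?name_0='
    + "A" * 60 + "&name_1=" + "B" * 60 + ' HTTP/1.1" 200 0',
    # Contains the substring "_1" but the name does not end in _0.._5.
    '192.0.2.10 - - [01/Jan/2025:10:00:09 +0000] "GET /example.cgi?page_10='
    + "C" * 300 + ' HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```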
