CVE-2025-60690 identifies a stack-based buffer overflow vulnerability in the get_merge_ipaddr function within the httpd binary of Linksys E1200 v2 routers, specifically firmware version E1200_v2.0.11.001_us.tar.gz. The vulnerability stems from the function's unsafe concatenation of up to four CGI parameters named with suffixes _0 through _3 into a fixed-size buffer (referred to as a2) without performing bounds checking. This lack of validation allows an attacker to send specially crafted HTTP requests containing oversized parameter values, which overflow the buffer on the stack. The overflow can overwrite the return address or other control data, enabling arbitrary code execution or causing a denial of service by crashing the httpd process. Notably, the vulnerability does not require authentication or user interaction, making it remotely exploitable over the network. The CVSS v3.1 score of 8.8 reflects the vulnerability's high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. The vulnerability is categorized under CWE-121 (Stack-based Buffer Overflow). Although no public patches or known exploits are currently available, the exposure of this flaw in a widely deployed consumer router model poses a significant security risk. The httpd service is typically exposed on local networks and sometimes on WAN interfaces, increasing the attack surface. The absence of authentication means any attacker with network access to the device can attempt exploitation. This vulnerability could be leveraged to gain persistent control over the router, intercept or manipulate network traffic, or disrupt network connectivity.

For European organizations, the impact of CVE-2025-60690 can be substantial, particularly for small and medium enterprises (SMEs) and home office users relying on Linksys E1200 v2 routers. Successful exploitation can lead to full compromise of the router, enabling attackers to intercept sensitive data, redirect traffic, or launch further attacks within the network. This threatens confidentiality and integrity of communications and can disrupt availability through denial of service. Compromised routers can also serve as footholds for lateral movement or as part of botnets for large-scale attacks. Given the router’s common use in SOHO environments, organizations with less mature IT security practices are especially vulnerable. The lack of authentication and user interaction requirements means attackers can exploit the vulnerability remotely without user awareness. Additionally, the potential for arbitrary code execution raises the risk of persistent backdoors or malware installation. This can undermine trust in network infrastructure and complicate incident response. The vulnerability also poses risks to critical infrastructure sectors that may use these routers in non-enterprise settings, such as retail or healthcare branches. Overall, the threat could lead to data breaches, operational disruptions, and reputational damage.

1. Immediate mitigation involves isolating affected Linksys E1200 v2 routers from untrusted networks, especially the internet, to reduce exposure. 2. Network administrators should implement strict firewall rules to block HTTP access to the router’s management interface from external sources. 3. Replace or upgrade affected devices to newer router models with updated firmware that addresses this vulnerability once available. 4. If firmware updates are not yet released, consider deploying network segmentation to limit access to vulnerable routers only to trusted internal users. 5. Monitor network traffic for unusual HTTP requests targeting the router’s CGI interface, which may indicate exploitation attempts. 6. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect buffer overflow attempts against the httpd service. 7. Educate users about the risks of using outdated consumer-grade routers and encourage adoption of enterprise-grade or regularly patched devices. 8. Maintain an inventory of all network devices to identify and prioritize vulnerable equipment for remediation. 9. Engage with Linksys support channels to obtain information on forthcoming patches or workarounds. 10. Consider deploying network access control (NAC) to enforce device compliance and prevent vulnerable routers from connecting to critical networks.