CVE-2025-60690 is a critical security vulnerability identified in the Linksys E1200 version 2 router, specifically in the httpd binary's get_merge_ipaddr function. This function processes up to four CGI parameters named with suffixes _0 through _3, concatenating them into a fixed-size buffer (referred to as a2) without performing bounds checking. This lack of validation leads to a classic stack-based buffer overflow condition. An attacker can exploit this flaw by sending specially crafted HTTP requests containing malicious payloads in these CGI parameters. Because the vulnerability does not require authentication, it can be triggered remotely by any attacker with network access to the router's HTTP interface. Successful exploitation could allow arbitrary code execution on the device, potentially enabling full compromise of the router, or cause a denial of service by crashing the httpd process. The affected firmware version is E1200_v2.0.11.001_us, indicating that only a specific firmware release is vulnerable. No CVSS score has been assigned yet, and no known exploits have been reported in the wild. However, the technical details indicate a high-risk scenario due to the nature of the vulnerability and the absence of authentication requirements. The Linksys E1200 v2 router is commonly used in home and small office environments, making it a target for attackers seeking to pivot into internal networks or disrupt connectivity. The vulnerability's exploitation could lead to network compromise, interception of traffic, or disruption of services dependent on the router. Given the widespread use of Linksys devices in Europe, especially among SMEs and residential users, this vulnerability represents a significant threat vector.

For European organizations, particularly small and medium enterprises (SMEs) and home office users relying on Linksys E1200 v2 routers, this vulnerability poses a substantial risk. Exploitation can lead to unauthorized remote code execution, allowing attackers to take control of the router, manipulate network traffic, or establish persistent footholds within internal networks. This can compromise confidentiality by intercepting or redirecting sensitive data, integrity by altering network configurations or firmware, and availability by causing denial of service through router crashes. The lack of authentication requirement lowers the barrier for exploitation, increasing the likelihood of attacks. Organizations with limited IT security resources may be particularly vulnerable due to the consumer-grade nature of the affected device. Additionally, compromised routers can be leveraged as part of botnets or for launching further attacks against internal or external targets. The impact extends beyond individual devices, potentially affecting broader network security and operational continuity.

1. Immediate mitigation involves isolating vulnerable Linksys E1200 v2 routers from untrusted networks, especially the internet, by disabling remote management features or restricting access via firewall rules. 2. Network administrators should monitor HTTP traffic to these devices for unusual or malformed CGI parameter patterns indicative of exploitation attempts. 3. Since no official patch or firmware update link is currently provided, users should contact Linksys support or check official channels regularly for firmware updates addressing this vulnerability. 4. Deploy network intrusion detection/prevention systems (IDS/IPS) with custom signatures to detect and block exploit attempts targeting the get_merge_ipaddr function. 5. Consider replacing vulnerable devices with newer, supported hardware that receives timely security updates. 6. Educate users about the risks of exposing router management interfaces to the internet and enforce strong network segmentation to limit attacker lateral movement if a device is compromised. 7. Apply network-level mitigations such as web application firewalls (WAFs) or reverse proxies to filter malicious HTTP requests before they reach the router.