CVE-2025-60692 identifies a stack-based buffer overflow vulnerability in the libshared.so library of Cisco Linksys E1200 v2 routers, specifically in firmware version E1200_v2.0.11.001_us.tar.gz. The vulnerability is rooted in the functions get_mac_from_ip and get_ip_from_mac, which utilize the sscanf function with a "%100s" format specifier to parse entries from the /proc/net/arp file. However, these functions copy the parsed data into fixed-size buffers of only 50 bytes, creating a classic buffer overflow scenario. Since sscanf reads up to 100 characters but the buffer only holds 50, an attacker controlling the contents of /proc/net/arp can overflow the stack buffer. This overflow can lead to memory corruption, which may cause denial of service (router crashes or reboots) or potentially allow arbitrary code execution with the privileges of the affected process. Exploitation requires local access to the router's environment, meaning an attacker must already have some foothold or be able to manipulate the router’s /proc/net/arp entries. No CVSS score has been assigned yet, and no known exploits are reported in the wild. The vulnerability highlights a critical flaw in input validation and buffer size management within router firmware, which could be leveraged to compromise network devices that serve as gateways in home or small office networks.

For European organizations, the impact of this vulnerability can be significant, especially for small businesses and home offices relying on Cisco Linksys E1200 v2 routers for network connectivity. Successful exploitation could lead to denial of service, disrupting internet access and internal network communications. More critically, arbitrary code execution could allow attackers to take control of the router, potentially intercepting or manipulating network traffic, launching further attacks within the network, or establishing persistent footholds. This could compromise confidentiality, integrity, and availability of organizational data and systems. Given that the vulnerability requires local access, the risk is higher in environments where physical or network access to the router is less controlled. The lack of a patch at this time increases exposure, and the absence of known exploits does not preclude future active exploitation. Disruptions to network infrastructure could affect business operations, especially in sectors dependent on reliable internet connectivity and secure communications.

To mitigate this vulnerability, organizations should first restrict local access to the affected routers by enforcing strong physical security and network segmentation to limit who can interact with the device at a local or administrative level. Network administrators should monitor router logs and behavior for signs of unusual activity or crashes that could indicate exploitation attempts. Until an official patch is released by Cisco, consider replacing affected routers with models not vulnerable to this issue or deploying additional network security controls such as firewall rules to restrict access to router management interfaces. Regularly update router firmware and subscribe to vendor security advisories to apply patches promptly once available. Additionally, implement network monitoring to detect anomalous ARP table manipulations or suspicious local network activity. Educate users about the risks of unauthorized access to network devices and enforce strong authentication mechanisms for router management interfaces to reduce the attack surface.