CVE-2025-60695: n/a
A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary checks. Since a1 is often allocated with significantly smaller sizes (20-32 bytes), local attackers controlling the contents of /sys/class/net/%s/address can trigger buffer overflows, leading to memory corruption, denial of service, or potential arbitrary code execution.
AI Analysis
Technical Summary
CVE-2025-60695 is a stack-based buffer overflow vulnerability identified in the mtk_dut binary of Linksys E7350 routers with firmware version 1.1.00.032. The root cause lies in the function sub_4045A8, which reads up to 256 bytes from the file path /sys/class/net/%s/address into a local buffer. This data is then copied using strcpy into a caller-provided buffer (a1) that is often allocated with only 20 to 32 bytes, creating a classic buffer overflow scenario due to the lack of boundary checks. Since strcpy does not limit the number of bytes copied, an attacker who can manipulate the contents of the /sys/class/net/%s/address file can overflow the buffer, leading to memory corruption. This can result in denial of service by crashing the router or, more critically, arbitrary code execution if the attacker can craft the overflow payload precisely. The vulnerability requires local attacker capabilities, meaning the attacker must have access to the router's local environment or be able to influence the network interface address files. No CVSS score has been assigned yet, and no patches or known exploits have been reported. The vulnerability affects a specific firmware version of a widely used consumer router, making it a targeted risk for users of this device. The absence of patches increases the urgency for mitigation through configuration or network controls.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for small and medium enterprises or home offices relying on Linksys E7350 routers. Exploitation could lead to denial of service, disrupting internet connectivity and business operations. More severe exploitation could allow attackers to execute arbitrary code on the router, potentially enabling further network compromise, data interception, or lateral movement within corporate networks. Given the local access requirement, the threat is higher in environments where physical or network access is less controlled, such as shared office spaces or remote work setups. The vulnerability could also be leveraged by malicious insiders or attackers who gain initial foothold in the network. The lack of patches means organizations must rely on compensating controls to protect these devices. The impact extends to the confidentiality, integrity, and availability of network communications passing through the affected routers.
Mitigation Recommendations
1. Immediately identify and inventory all Linksys E7350 routers running firmware version 1.1.00.032 within the organization. 2. Restrict local access to these routers to trusted personnel only, enforcing strict physical and network access controls. 3. Disable or restrict access to the mtk_dut binary or related diagnostic utilities if possible, to reduce attack surface. 4. Monitor and audit the contents of /sys/class/net/%s/address files for unauthorized modifications or anomalies. 5. Implement network segmentation to isolate vulnerable routers from critical network segments and sensitive data. 6. Use firewall rules to limit local network access to the router management interfaces. 7. Engage with Linksys or the vendor for firmware updates or patches and apply them promptly once available. 8. Consider replacing vulnerable devices with models that have received security updates if patching is not feasible. 9. Educate users about the risks of local access exploitation and enforce strong endpoint security to prevent unauthorized local access. 10. Monitor network traffic for signs of exploitation attempts or unusual router behavior.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
CVE-2025-60695: n/a
Description
A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary checks. Since a1 is often allocated with significantly smaller sizes (20-32 bytes), local attackers controlling the contents of /sys/class/net/%s/address can trigger buffer overflows, leading to memory corruption, denial of service, or potential arbitrary code execution.
AI-Powered Analysis
Technical Analysis
CVE-2025-60695 is a stack-based buffer overflow vulnerability identified in the mtk_dut binary of Linksys E7350 routers with firmware version 1.1.00.032. The root cause lies in the function sub_4045A8, which reads up to 256 bytes from the file path /sys/class/net/%s/address into a local buffer. This data is then copied using strcpy into a caller-provided buffer (a1) that is often allocated with only 20 to 32 bytes, creating a classic buffer overflow scenario due to the lack of boundary checks. Since strcpy does not limit the number of bytes copied, an attacker who can manipulate the contents of the /sys/class/net/%s/address file can overflow the buffer, leading to memory corruption. This can result in denial of service by crashing the router or, more critically, arbitrary code execution if the attacker can craft the overflow payload precisely. The vulnerability requires local attacker capabilities, meaning the attacker must have access to the router's local environment or be able to influence the network interface address files. No CVSS score has been assigned yet, and no patches or known exploits have been reported. The vulnerability affects a specific firmware version of a widely used consumer router, making it a targeted risk for users of this device. The absence of patches increases the urgency for mitigation through configuration or network controls.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, especially for small and medium enterprises or home offices relying on Linksys E7350 routers. Exploitation could lead to denial of service, disrupting internet connectivity and business operations. More severe exploitation could allow attackers to execute arbitrary code on the router, potentially enabling further network compromise, data interception, or lateral movement within corporate networks. Given the local access requirement, the threat is higher in environments where physical or network access is less controlled, such as shared office spaces or remote work setups. The vulnerability could also be leveraged by malicious insiders or attackers who gain initial foothold in the network. The lack of patches means organizations must rely on compensating controls to protect these devices. The impact extends to the confidentiality, integrity, and availability of network communications passing through the affected routers.
Mitigation Recommendations
1. Immediately identify and inventory all Linksys E7350 routers running firmware version 1.1.00.032 within the organization. 2. Restrict local access to these routers to trusted personnel only, enforcing strict physical and network access controls. 3. Disable or restrict access to the mtk_dut binary or related diagnostic utilities if possible, to reduce attack surface. 4. Monitor and audit the contents of /sys/class/net/%s/address files for unauthorized modifications or anomalies. 5. Implement network segmentation to isolate vulnerable routers from critical network segments and sensitive data. 6. Use firewall rules to limit local network access to the router management interfaces. 7. Engage with Linksys or the vendor for firmware updates or patches and apply them promptly once available. 8. Consider replacing vulnerable devices with models that have received security updates if patching is not feasible. 9. Educate users about the risks of local access exploitation and enforce strong endpoint security to prevent unauthorized local access. 10. Monitor network traffic for signs of exploitation attempts or unusual router behavior.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-09-26T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 6916102073934fe85f046f62
Added to database: 11/13/2025, 5:06:40 PM
Last enriched: 11/13/2025, 5:21:37 PM
Last updated: 11/14/2025, 6:39:19 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-10686: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Creta Testimonial Showcase
CriticalCVE-2025-64444: Improper neutralization of special elements used in an OS command ('OS Command Injection') in Sony Network Communications Inc. NCP-HG100/Cellular model
HighCVE-2025-13161: CWE-23 Relative Path Traversal in IQ Service International IQ-Support
HighCVE-2025-13160: CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere in IQ Service International IQ-Support
MediumCVE-2025-9479: Out of bounds read in Google Chrome
UnknownActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.