Description

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd. Successful exploitation allows remote attackers to execute arbitrary commands on the device without authentication.

INFO

Published Date :

2025-11-13T00:00:00.000Z

Last Modified :

2025-11-13T17:58:06.715Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60689 vulnerability.

Vendors Products
Linksys
  • E1200
  • E1200 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60689.

URL Resource
http://linksys.com cve-icon cve-icon
https://github.com/yifan20020708/SGTaint-0-day/blob/main/Linksys/Linksys-E1200/CVE-2025-60689.md cve-icon cve-icon
https://www.linksys.com/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System