Linksys E1200 Firmware vulnerabilities

10 known vulnerabilities affecting linksys/e1200_firmware.

Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH7MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-60694HIGHCVSS 7.5v2.0.11.0012025-11-13
CVE-2025-60694 [HIGH] CWE-121 CVE-2025-60694: A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Li A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function improperly concatenates user-supplied CGI parameters (route_ipaddr_0~3, route_netmask_0~3, route_gateway_0~3) into fixed-size buffers (v6, v10, v14) without proper bounds checki
nvd
CVE-2025-60692HIGHCVSS 8.4v2.0.11.0012025-11-13
CVE-2025-60692 [HIGH] CWE-121 CVE-2025-60692: A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E120 A stack-based buffer overflow vulnerability exists in the libshared.so library of Cisco Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The functions get_mac_from_ip and get_ip_from_mac use sscanf with overly permissive "%100s" format specifiers to parse entries from /proc/net/arp into fixed-size buffers (v6: 50 bytes, v7 sub-arrays:
nvd
CVE-2025-60690HIGHCVSS 8.8v2.0.11.0012025-11-13
CVE-2025-60690 [HIGH] CWE-121 CVE-2025-60690: A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching _0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via speciall
nvd
CVE-2025-60691HIGHCVSS 8.8v2.0.11.0012025-11-13
CVE-2025-60691 [HIGH] CWE-121 CVE-2025-60691: A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200 A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The apply_cgi and block_cgi functions copy user-supplied input from the "url" CGI parameter into stack buffers (v36, v29) using sprintf without bounds checking. Because these buffers are allocated as single-byte variables, any n
nvd
CVE-2025-60689MEDIUMCVSS 5.4v2.0.11.0012025-11-13
CVE-2025-60689 [MEDIUM] CWE-77 CVE-2025-60689: An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd bin An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper s
nvd
CVE-2025-60693MEDIUMCVSS 6.5v2.0.11.0012025-11-13
CVE-2025-60693 [MEDIUM] CWE-121 CVE-2025-60693: A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1 A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to six user-supplied CGI parameters matching _0~5 into a fixed-size buffer (a2) without proper bounds checking, appending colon delimiters during concatenation. Remote
nvd
CVE-2022-38555CRITICALCVSS 9.8v1.0.042022-08-28
CVE-2022-38555 [CRITICAL] CWE-787 CVE-2022-38555: Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.
nvd
CVE-2018-3953HIGHCVSS 7.2v2.0.092018-10-17
CVE-2018-3953 [HIGH] CWE-78 CVE-2018-3953: Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2 Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as t
nvd
CVE-2018-3955HIGHCVSS 7.2v2.0.092018-10-17
CVE-2018-3955 [HIGH] CWE-78 CVE-2018-3955: An exploitable operating system command injection exists in the Linksys ESeries line of routers (Lin An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an
nvd
CVE-2018-3954HIGHCVSS 7.2v2.0.092018-10-17
CVE-2018-3954 [HIGH] CWE-78 CVE-2018-3954: Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2 Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the
nvd