VYPR
Unrated severityNVD Advisory· Published Nov 13, 2025· Updated Nov 13, 2025

CVE-2025-60689

CVE-2025-60689

Description

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd. Successful exploitation allows remote attackers to execute arbitrary commands on the device without authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Linksys/E1200cpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: =2.0.11.001

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.