VYPR

E1200

by Linksys

CVEs (10)

  • CVE-2022-38555CriAug 28, 2022
    risk 0.65cvss 9.8epss 0.12

    Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.

  • CVE-2013-3307HigJul 11, 2025
    risk 0.57cvss 8.3epss 0.06

    Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.

  • CVE-2018-3953HigOct 17, 2018
    risk 0.51cvss 7.2epss 0.13

    Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the…

  • CVE-2018-3955HigOct 17, 2018
    risk 0.47cvss 7.2epss 0.05

    An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary…

  • CVE-2018-3954HigOct 17, 2018
    risk 0.47cvss 7.2epss 0.03

    Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the…

  • CVE-2025-60690Nov 13, 2025
    risk 0.03cvss epss 0.04

    A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching _0~3 into a fixed-size buffer (a2)…

  • CVE-2025-60689Nov 13, 2025
    risk 0.00cvss epss 0.08

    An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip,…

  • CVE-2025-60694Nov 13, 2025
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function improperly concatenates user-supplied CGI parameters (route_ipaddr_0~3, route_netmask_0~3,…

  • CVE-2025-60693Nov 13, 2025
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow exists in the get_merge_mac function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to six user-supplied CGI parameters matching _0~5 into a fixed-size buffer (a2)…

  • CVE-2025-60691Nov 13, 2025
    risk 0.00cvss epss 0.01

    A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The apply_cgi and block_cgi functions copy user-supplied input from the "url" CGI parameter into stack buffers (v36, v29) using sprintf without bounds…