CVE-2025-60689
MediumCVSS 5.4Exploitation Probability (EPSS)
Very high risk94th percentile - higher than 94% of all known CVEs
Summary
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). User-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd, allowing remote attackers to execute arbitrary commands without authentication.
Risk Assessment
An unauthenticated attacker can gain full control over the router, enabling network configuration changes, traffic interception, or use of the device for further attacks within the internal network.
Recommendation
Immediately update the router firmware to the latest version available from the vendor. If no update is available, restrict management interface access to trusted networks only or consider replacing the device.
Original NVD description (English source)
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd. Successful exploitation allows remote attackers to execute arbitrary commands on the device without authentication.

