CVE Catalog

CVE-2025-60689

MediumCVSS 5.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
7.89%

94th percentile - higher than 94% of all known CVEs

Summary

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). User-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd, allowing remote attackers to execute arbitrary commands without authentication.

Risk Assessment

An unauthenticated attacker can gain full control over the router, enabling network configuration changes, traffic interception, or use of the device for further attacks within the internal network.

Recommendation

Immediately update the router firmware to the latest version available from the vendor. If no update is available, restrict management interface access to trusted networks only or consider replacing the device.

Original NVD description (English source)

An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd. Successful exploitation allows remote attackers to execute arbitrary commands on the device without authentication.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS