Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-60695

A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary checks. Since a1 is often allocated with significantly smaller sizes (20-32 bytes), local attackers controlling the contents of /sys/class/net/%s/address can trigger buffer overflows, leading to memory corruption, denial of service, or potential arbitrary code execution.

Published

2025-11-13T17:15:49.503

Last Modified

2025-11-17T19:55:43.077

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-121

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	linksys	e7350_firmware	1.1.00.032	Yes
Hardware	linksys	e7350	-	No

References

http://linksys.com Product ([email protected])
https://github.com/yifan20020708/SGTaint-0-day/blob/main/Linksys/Linksys-E7350/CVE-2025-60695.md Exploit, Third Party Advisory ([email protected])
https://www.linksys.com/ Product ([email protected])