A high-severity vulnerability has been identified in multiple Linksys router products, which could allow an unauthenticated attacker to remotely take full control of an affected device. This stack-based buffer overflow flaw (CVE-2025-60690) can be exploited by sending a malicious request to the router's web interface, potentially leading to network traffic interception, data theft, or the compromise of the internal network.

This vulnerability is a stack-based buffer overflow within the get_merge_ipaddr function of the router's web server (httpd) binary. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted HTTP request containing an overly long string to a parameter processed by the vulnerable function. This action overwrites the program's execution stack, allowing the attacker to redirect the flow of execution and run arbitrary code on the device with root-level privileges, resulting in a complete system compromise.

This is a high-severity vulnerability with a CVSS score of 8.8. Successful exploitation would grant an attacker complete administrative control over the affected network device. This could lead to significant business disruption, including the ability to intercept, monitor, or redirect all network traffic (Man-in-the-Middle attacks), gain unauthorized access to the internal corporate network, launch further attacks from the compromised device, or cause a complete denial of service. The compromise of a network perimeter device poses a critical risk to data confidentiality, integrity, and availability.

Immediate Action: Apply vendor-supplied security updates to all affected Linksys devices immediately. Before and after patching, monitor for any signs of exploitation attempts by reviewing device and network access logs for anomalous activity targeting the web management interface.

Proactive Monitoring: Security teams should monitor web server access logs on affected devices for unusually long or malformed HTTP requests. Network monitoring should be configured to alert on unexpected inbound connections to the router's management interface or any unusual outbound traffic originating from the router itself, which could indicate a successful compromise.

Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce risk:

• Disable remote (WAN) access to the device's management interface.
• Restrict access to the management interface to a limited set of trusted IP addresses on the internal network.
• Place the device behind a firewall that can inspect and block malicious requests.

Public Exploit Available: false

Given the high severity (CVSS 8.8) of this vulnerability and the potential for complete device compromise, immediate action is required. All organizations using affected Linksys products must prioritize the deployment of the vendor-supplied firmware updates to mitigate this risk. Although this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its critical nature warrants urgent attention. If patching is delayed, the compensating controls listed above must be implemented immediately to reduce the attack surface.