CVE-2025-60690
A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.1
CVSS
8.8
High
EPSS
3.9%
p89
KEV
—
Exploit Today
27
0-100
Published: Nov 13, 2025 · Last modified: Jul 5, 2026 · CWE-121
3.7%EPSS · 30 days4.7%
2026-06-302026-07-16
A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching <parameter>_0~3 into a fixed-size buffer (a2) without bounds checking. Remote attackers can exploit this vulnerability via specially crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-510878.6 HIG94.0%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/saveParentControlInfo. The manipulation of the argument time leads to stack-based buffer overflow.12dCVE-2025-510885.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/WifiGuestSet. The manipulation of the argument `shareSpeed` leads to stack-based buffer overflow.12dCVE-2025-510855.3 MED92.6%
——28Tenda AC8V4 V16.03.34.06` was discovered to contain stack overflow at /goform/SetSysTimeCfg. The manipulation of the argument `timeZone` and `timeType` leads to stack-based buffer overflow.12dCVE-2026-248818.1 HIG75.2%
——23In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that could lead to remote code execution.2dCVE-2026-503877.8 HIG75.0%
——22Stack-based buffer overflow in Windows GDI allows an authorized attacker to elevate privileges locally.20hCVE-2026-322037.5 HIG72.3%
——22Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.2d