
[GHSA-xrf6-v8xr-fg2f] A stack-based buffer overflow exists in the...#7161

Closed
Jarrettgohxz wants to merge 1 commit into Jarrettgohxz/advisory-improvement-7161 from Jarrettgohxz-GHSA-xrf6-v8xr-fg2f

@Jarrettgohxz

Updates

  • Affected products
  • CVSS v3
  • Description
  • References
  • Summary

Comments
Existing documentation (https://github.com/yifan20020708/SGTaint-0-day/blob/main/Linksys/Linksys-E1200/CVE-2025-60690.md) is incomplete, without a fully working Proof-of-Concept (PoC).

My work extends these findings, and includes a functional RCE Proof-of-Concept (PoC). Also, I made some changes to the description and CVSS score, as this CVE has been found to require authentication.

My GitHub repository (https://github.com/Jarrettgohxz/CVE-research/tree/main/Linksys/E1200-V2/CVE-2025-60690) includes:

  1. Python exploit script (does not crash the "httpd" web server after the shell is invoked)
  2. Technical write-up to explain the findings (with additional links to comprehensive write-ups)

P.S. I am not able to find a suitable value for the "Ecosystem" field under "Affected products", and hence selected "Go".

@github-actions github-actions bot changed the base branch from main to Jarrettgohxz/advisory-improvement-7161 March 14, 2026 15:15
@github-actions github-actions bot deleted the Jarrettgohxz-GHSA-xrf6-v8xr-fg2f branch March 14, 2026 15:57