CVE-2025-60686

13.11.2025, 16:15

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.1 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
mitre	CNA	---				---
CISA-ADP	ADP	5.1 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Vendor	Product	Version
totolink	a720r_firmware	4.1.5cu.614_b20230630:cu.614_b20230630
totolink	lr1200gb_firmware	9.1.0u.6619_b20230130:u.6619_b20230130
totolink	nr1800x_firmware	9.1.0u.6681_b20230703:u.6681_b20230703

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-A720R/CVE-2025-60686.md

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

http://totolink.com

https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-A720R/CVE-2025-60686.md

https://www.totolink.net/