CVE-2025-60699

13.11.2025, 20:15

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `global.so` binary. The `getSaveConfig` function retrieves the `http_host` parameter from user input via `websGetVar` and copies it into a fixed-size stack buffer (`v13`) using `strcpy()` without performing any length checks. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the router's web interface, potentially leading to arbitrary code execution.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
mitre	CNA	---				---
CISA-ADP	ADP	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Vendor	Product	Version
totolink	a950rg_firmware	5.9c.4592_b20191022:c.4592_b20191022

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-A950RG/CVE-2025-60699.md

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-A950RG/2.md

https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-A950RG/CVE-2025-60699.md

https://www.totolink.net/