Vulnerability Description
A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Totolink | A720R Firmware | 4.1.5cu.614_b20230630 |
| Totolink | A720R | - |
| Totolink | Lr1200Gb Firmware | 9.1.0u.6619_b20230130 |
| Totolink | Lr1200Gb | - |
| Totolink | Nr1800X Firmware | 9.1.0u.6681_b20230703 |
| Totolink | Nr1800X | - |
Related Weaknesses (CWE)
References
- http://totolink.comBroken Link
- https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-A720RExploitThird Party Advisory
- https://www.totolink.net/Product
FAQ
What is CVE-2025-60686?
CVE-2025-60686 is a vulnerability with a CVSS score of 5.1 (MEDIUM). A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9...
How severe is CVE-2025-60686?
CVE-2025-60686 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-60686?
Check the references section above for vendor advisories and patch information. Affected products include: Totolink A720R Firmware, Totolink A720R, Totolink Lr1200Gb Firmware, Totolink Lr1200Gb, Totolink Nr1800X Firmware.