Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-60684

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication.

Published

2025-11-13T16:15:52.337

Last Modified

2025-11-24T15:33:48.037

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-121

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	totolink	lr1200gb_firmware	9.1.0u.6619_b20230130	Yes
Hardware	totolink	lr1200gb	-	No
Operating System	totolink	nr1800x_firmware	9.1.0u.6681_b20230703	Yes
Hardware	totolink	nr1800x	-	No

References

http://totolink.com Broken Link ([email protected])
https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-LR1200GB/CVE-2025-60684.md Exploit, Third Party Advisory ([email protected])
https://www.totolink.net/ Product ([email protected])