Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-60688

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication.

Published

2025-11-13T16:15:52.850

Last Modified

2025-11-19T17:33:06.030

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-121

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	totolink	lr1200gb_firmware	9.1.0u.6619_b20230130	Yes
Hardware	totolink	lr1200gb	-	No
Operating System	totolink	nr1800x_firmware	9.1.0u.6681_b20230703	Yes
Hardware	totolink	nr1800x	-	No

References

http://totolink.com Broken Link ([email protected])
https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-LR1200GB/CVE-2025-60688.md Exploit, Third Party Advisory ([email protected])
https://www.totolink.net/ Product ([email protected])