Description

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication.

INFO

Published Date :

2025-11-13T00:00:00.000Z

Last Modified :

2025-11-13T17:34:03.242Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60684 vulnerability.

Vendors Products
Totolink
  • Lr1200gb
  • Nr1800x
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60684.

URL Resource
http://totolink.com cve-icon cve-icon
https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-LR1200GB/CVE-2025-60684.md cve-icon cve-icon
https://www.totolink.net/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System