Description

An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is then directly inserted into a system command using sprintf() and executed with system(). Maliciously crafted IMEI input can execute arbitrary commands on the router without authentication.

INFO

Published Date :

2025-11-13T00:00:00.000Z

Last Modified :

2025-11-13T17:35:24.532Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-60687 vulnerability.

Vendors Products
Totolink
  • Lr1200gb
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-60687.

URL Resource
http://totolink.com cve-icon cve-icon
https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-LR1200GB/CVE-2025-60687.md cve-icon cve-icon
https://www.totolink.net/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System