CVE-2025-60688

Published: Nov 13, 2025Modified: Nov 19, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Exploitability: 3.9 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication.

Affected (2)

Products: Totolink: Lr1200gb Firmware, Nr1800x Firmware

2 products

Lr1200gb Firmware

Nr1800x Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink Lr1200gb Firmware	Version 9.1.0u.6619_b20230130

Running on/with	Platform Versions
Totolink Lr1200gb	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Totolink Nr1800x Firmware	Version 9.1.0u.6681_b20230703

Running on/with	Platform Versions
Totolink Nr1800x	All versions

Related CWEs

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (3)

http://totolink.com

Source: cve@mitre.org

Broken Link

https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-LR1200GB/CVE-2025-60688.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.totolink.net/

Source: cve@mitre.org

Product

Timeline

No history available yet.