VYPR
Unrated severityNVD Advisory· Published Nov 13, 2025· Updated Nov 13, 2025

CVE-2025-60688

CVE-2025-60688

Description

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Totolink/LR1200GBcpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: = V9.1.0u.6619_B20230130
  • Totolink/NR1800Xllm-fuzzy
    Range: = V9.1.0u.6681_B20230703

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.