Unrated severityNVD Advisory· Published Nov 13, 2025· Updated Nov 14, 2025

CVE-2025-60699

Description

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the global.so binary. The getSaveConfig function retrieves the http_host parameter from user input via websGetVar and copies it into a fixed-size stack buffer (v13) using strcpy() without performing any length checks. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request to the router's web interface, potentially leading to arbitrary code execution.

Affected products

TOTOLINK/A950RG Routerdescription
Totolink/A950RGllm-fuzzy
Range: = V5.9c.4592_B20191022

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-A950RG/2.mdmitre
github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-A950RG/CVE-2025-60699.mdmitre
www.totolink.netmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000