CVE-2025-60686
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R, LR1200GB, NR1800X). The programs parse /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation, allowing an attacker to write beyond buffer boundaries.
Risk Assessment
An attacker with local access can trigger memory corruption, leading to denial of service or potential arbitrary code execution, compromising device stability and security.
Recommendation
Immediately update the ToToLink router firmware to the latest version if a patch is available. In the meantime, restrict access to the management interface and monitor logs for suspicious activity.
Original NVD description (English source)
A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution.

