CVE Catalog

CVE-2025-60686

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R, LR1200GB, NR1800X). The programs parse /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation, allowing an attacker to write beyond buffer boundaries.

Risk Assessment

An attacker with local access can trigger memory corruption, leading to denial of service or potential arbitrary code execution, compromising device stability and security.

Recommendation

Immediately update the ToToLink router firmware to the latest version if a patch is available. In the meantime, restrict access to the management interface and monitor logs for suspicious activity.

Original NVD description (English source)

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS