CVE-2025-60688Stack-based Buffer Overflow in Lr1200gb Firmware

CWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 42.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink Lr1200gb FirmwareTotolink Nr1800x Firmware
Timeline
PublishedNov 13

Description

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authe

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

NVDtotolink/nr1800x_firmware9.1.0u.6681_b20230703
NVDtotolink/lr1200gb_firmware9.1.0u.6619_b20230130

🔴Vulnerability Details

2
CVEList
CVE-2025-60688: A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V92025-11-13
GHSA
GHSA-hrmj-986x-7pmm: A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V92025-11-13
CVE-2025-60688 — Stack-based Buffer Overflow | cvebase