CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60684

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.3%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2025-60684

Totolink » Lr1200gb » Version: N/A

cpe:2.3:h:totolink:lr1200gb:-
Totolink » Nr1800x » Version: N/A

cpe:2.3:h:totolink:nr1800x:-
Totolink » Lr1200gb Firmware » Version: 9.1.0u.6619_b20230130

cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130
Totolink » Nr1800x Firmware » Version: 9.1.0u.6681_b20230703

cpe:2.3:o:totolink:nr1800x_firmware:9.1.0u.6681_b20230703

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60684

Products

Pricing

Contact Us