Vulnerability Details CVE-2025-60685
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.6%
CVSS Severity
CVSS v3 Score 5.1
References
Products affected by CVE-2025-60685
-
cpe:2.3:h:totolink:a720r:-
-
cpe:2.3:o:totolink:a720r_firmware:4.1.5cu.614_b20230630