CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60688

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (setDefResponse function). The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stack buffer using strcpy() without any length validation. Maliciously crafted input can overflow the buffer, leading to potential arbitrary code execution or memory corruption, without requiring authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 32.6%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2025-60688

Totolink » Lr1200gb » Version: N/A

cpe:2.3:h:totolink:lr1200gb:-
Totolink » Nr1800x » Version: N/A

cpe:2.3:h:totolink:nr1800x:-
Totolink » Lr1200gb Firmware » Version: 9.1.0u.6619_b20230130

cpe:2.3:o:totolink:lr1200gb_firmware:9.1.0u.6619_b20230130
Totolink » Nr1800x Firmware » Version: 9.1.0u.6681_b20230703

cpe:2.3:o:totolink:nr1800x_firmware:9.1.0u.6681_b20230703

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-60688

Products

Pricing

Contact Us