CVE-2025-60683

Name of the Vulnerable Software and Affected Versions TOTOLINK A720R Router firmware version 4.1.5cu.614 B20230630

Description A command injection issue exists in the TOTOLINK A720R Router firmware. The sub 40BFA4 function does not properly sanitize data at the management level. Exploitation allows a remote attacker to execute arbitrary commands. The issue is located within the sysconf binary, specifically in the function sub 40BFA4 which handles network interface reinitialization from the '/var/system/linux vlan reinit' path. Input validation only checks the prefix of interface names before concatenating it into shell commands executed via the system() function without proper escaping.

Recommendations Update to a newer version that contains a fix for this vulnerability.