PT-2025-46845 · Totolink · Totolink Nr1800X+1
Published: 2025-10-09 · Updated: 2025-11-24 · CVE-2025-60684
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
ToToLink LR1200GB version 9.1.0u.6619 B20230130
ToToLink NR1800X version 9.1.0u.6681 B20230703
Description
A stack buffer overflow exists in the ToToLink routers listed above. The web interface reads the lang parameter and builds Help URL strings with sprintf() into fixed-size stack buffers without validating the parameter's length. A sufficiently long lang value overflows these buffers, which can corrupt memory and potentially lead to arbitrary code execution. No authentication is required. The vulnerable component is the cstecgi.cgi binary, specifically the sub_42F32C function.
Recommendations
ToToLink LR1200GB version 9.1.0u.6619 B20230130: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
ToToLink NR1800X version 9.1.0u.6681 B20230703: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
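The pattern the description names, an unbounded sprintf() of a request parameter into a fixed-size stack buffer, next to the form a vendor fix would normally take, as an added illustration that is not code from the Totolink firmware or from this advisory. The function names, the HELP_URL_MAX and LANG_MAX sizes, the URL format string and the sample inputs are all assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical fixed-size stack buffer, standing in for the one the advisory describes. */
#define HELP_URL_MAX 64
/* Upper bound we choose for a language code such as "en" or "zh_CN" (assumption). */
#define LANG_MAX 8

/* Vulnerable pattern (illustrative, not the router's code): sprintf() copies the
 * caller-controlled lang value into a fixed-size buffer with no bound, so any lang
 * longer than the remaining space overruns the stack frame. */
void build_help_url_unsafe(const char *lang, char out[HELP_URL_MAX])
{
    sprintf(out, "/help/%s/index.html", lang);
}

/* Hardened variant: reject anything that is not a short, well-formed language code,
 * then format with snprintf() and treat truncation as an error.
 * Returns 0 on success, -1 if lang is rejected, -2 if the buffer is too small. */
int build_help_url_safe(const char *lang, char *out, size_t out_len)
{
    /* Bounded length scan: never walk further than LANG_MAX + 1 bytes of input. */
    size_t n = 0;
    while (n <= LANG_MAX && lang[n] != '\0')
        n++;
    if (n == 0 || n > LANG_MAX)
        return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)lang[i];
        if (!isalnum(c) && c != '_' && c != '-')
            return -1;      /* also blocks '/', '.', and other path characters */
    }
    int written = snprintf(out, out_len, "/help/%s/index.html", lang);
    if (written < 0 || (size_t)written >= out_len) {
        out[0] = '\0';      /* never hand back a partial URL */
        return -2;
    }
    return 0;
}

/* Exercises the hardened function on benign, oversized and malformed input;
 * returns the number of checks that behaved as expected (5 when all is correct). */
int run_checks(void)
{
    char buf[HELP_URL_MAX];
    char oversized[256];
    char tiny[8];
    int passed = 0;

    if (build_help_url_safe("en", buf, sizeof buf) == 0 &&
        strcmp(buf, "/help/en/index.html") == 0)
        passed++;
    if (build_help_url_safe("zh_CN", buf, sizeof buf) == 0 &&
        strcmp(buf, "/help/zh_CN/index.html") == 0)
        passed++;
    /* Constructed oversized input: 255 'A's, far longer than any language code. */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    if (build_help_url_safe(oversized, buf, sizeof buf) == -1)
        passed++;
    /* Path-looking input is rejected by the character whitelist. */
    if (build_help_url_safe("../cgi", buf, sizeof buf) == -1)
        passed++;
    /* A buffer that cannot hold even a valid URL is reported as truncation. */
    if (build_help_url_safe("en", tiny, sizeof tiny) == -2 && tiny[0] == '\0')
        passed++;
    return passed;
}

int main(void)
{
    char buf[HELP_URL_MAX];
    build_help_url_unsafe("en", buf);   /* harmless only because the value is short */
    printf("unsafe builder: %s\n", buf);
    printf("%d of 5 hardening checks passed\n", run_checks());
    return 0;
}
```

The hardened builder fails closed: a rejected or truncated value yields an empty string and a non-zero status rather than a partially formatted URL, and the whitelist rejects the oversized input before any formatting happens, which is the check the description says the affected firmware lacks.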
Exploit
Stack Overflow
Affected Products
Totolink Lr1200Gb
Totolink Nr1800X