PT-2025-46846 · Totolink · Totolink A720R Router
Published 2025-10-09 · Updated 2025-11-13
CVE-2025-60685
CVSS v3.1: 5.1 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Name of the Vulnerable Software and Affected Versions
ToToLink A720R Router firmware version 4.1.5cu.614 B20230630
Description
A stack buffer overflow exists in the ToToLink A720R Router firmware. The issue is located within the sysconf binary, specifically in the sub_401EE0 function. The binary uses fgets() to read the /proc/stat file into a local buffer and then parses the line with sscanf() using the %s format specifier, writing the result into a single-byte variable. Because %s carries no width limit, a maliciously crafted /proc/stat file can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device.
Recommendations
Update to a newer version of the ToToLink A720R Router firmware that addresses this issue.
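The description above names the defect as an sscanf() call that uses an unbounded %s to fill a one-byte target. The C below is an added example, not code from the sysconf binary or from ToToLink, showing the hardened form of that parse: a width-limited %15s into a buffer sized for it, a field-count check, an exact-label check so an over-long token is rejected rather than silently truncated, and an fgets() read that refuses lines longer than its buffer. The struct, the function names and the sample /proc/stat lines are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Upper bound on the first token of a /proc/stat line ("cpu", "cpu0", "intr", ...).
 * The sscanf width below is this value; the buffer adds one byte for the NUL. */
#define LABEL_MAX 15

struct cpu_stat {
    char label[LABEL_MAX + 1];
    unsigned long user, nice, system, idle;
};

/*
 * The pattern the advisory describes, for contrast (not compiled here):
 *     char label;                                   -- one-byte target
 *     sscanf(line, "%s %lu ...", &label, ...);       -- unbounded %s
 * Any non-empty token plus its terminating NUL lands past that variable,
 * on whatever the compiler placed next to it on the stack.
 */

/* Parse one "cpu" line. Returns 0 on success and fills *out; returns -1 if
 * the line has too few fields or the label is not exactly "cpu". An over-long
 * token is cut at 15 characters by %15s and then fails the comparison, so
 * nothing ever writes beyond out->label. */
int parse_cpu_line(const char *line, struct cpu_stat *out)
{
    struct cpu_stat tmp;
    memset(&tmp, 0, sizeof tmp);

    int n = sscanf(line, "%15s %lu %lu %lu %lu",
                   tmp.label, &tmp.user, &tmp.nice, &tmp.system, &tmp.idle);
    if (n != 5)
        return -1;
    if (strcmp(tmp.label, "cpu") != 0)
        return -1;

    *out = tmp;
    return 0;
}

/* Read the first line from a stat-style stream with a bounded fgets() and
 * hand it to parse_cpu_line(). A line that did not fit in the buffer (the
 * read ends without a newline) is rejected instead of being parsed as a
 * silently truncated record. Returns 0 on success, -1 otherwise. */
int read_cpu_stat(FILE *fp, struct cpu_stat *out)
{
    char line[256];

    if (fgets(line, sizeof line, fp) == NULL)
        return -1;
    size_t len = strlen(line);
    if (len == 0 || line[len - 1] != '\n')
        return -1;   /* over-long line or file without a trailing newline */
    return parse_cpu_line(line, out);
}

/* Constructed sample lines (not captured from the device). */
static const char SAMPLE_OK[] = "cpu  4705 150 1120 17730 99 0 42 0 0 0\n";
static const char SAMPLE_LONG_LABEL[] =
    "cpuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 1 2 3 4\n";

int main(void)
{
    struct cpu_stat st;
    printf("well-formed line: %s\n",
           parse_cpu_line(SAMPLE_OK, &st) == 0 ? "parsed" : "rejected");
    printf("over-long label:  %s\n",
           parse_cpu_line(SAMPLE_LONG_LABEL, &st) == 0 ? "parsed" : "rejected");
    return 0;
}
```

The two checks work together: the width on %15s is what stops the memory write, and the exact-label comparison is what turns a truncated token into a hard parse failure instead of a record that looks valid but came from malformed input.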
Weakness Enumeration
Stack Overflow
Affected Products
Totolink A720R Router