CVE-2025-60688

Name of the Vulnerable Software and Affected Versions TOTOLINK LR1200GB versions prior to V9.1.0u.6619 B20230130 TOTOLINK NR1800X versions prior to V9.1.0u.6681 B20230703

Description A stack buffer overflow exists in the cstecgi.cgi binary of TOTOLINK routers. The issue is located within the setDefResponse function. The binary copies the IpAddress parameter from a web request into a fixed-size stack buffer using the strcpy() function without validating the input length. A crafted input can cause a buffer overflow, potentially leading to arbitrary code execution or memory corruption. Authentication is not required for exploitation.

Recommendations TOTOLINK LR1200GB versions prior to V9.1.0u.6619 B20230130: Update to version V9.1.0u.6619 B20230130 or later. TOTOLINK NR1800X versions prior to V9.1.0u.6681 B20230703: Update to version V9.1.0u.6681 B20230703 or later.