CVE-2025-60684
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk38th percentile - higher than 38% of all known CVEs
Summary
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB and NR1800X router firmware in the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation, potentially leading to arbitrary code execution or memory corruption without authentication.
Risk Assessment
An attacker can remotely take control of the router without knowing the password, enabling network traffic interception, configuration modification, or using the device as an entry point into the organization's internal network.
Recommendation
Immediately update the firmware of ToToLink LR1200GB and NR1800X routers to the latest version available from the vendor. If an update is not available, restrict management interface access to trusted IP addresses or disable remote access.
Original NVD description (English source)
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication.

