CVE-2025-60685
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device.
Risk Assessment
An attacker with local filesystem access could exploit this vulnerability to gain control over the router, potentially compromising the integrity and confidentiality of network traffic.
Recommendation
Immediately update the router firmware to the latest version available from the vendor and restrict filesystem write permissions to trusted users only.
Original NVD description (English source)
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device.

