Cyber Resilience

CVE-2025-60684

MediumPublic PoC

Published: 13 November 2025

Published
13 November 2025
Modified
24 November 2025
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
EPSS Score 0.0032 55.7th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-60684 is a medium-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Totolink Lr1200Gb Firmware. Its CVSS base score is 6.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 44.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

EU & UK References

Vulnerability details

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers…

more

without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Unauthenticated stack buffer overflow in the router's public-facing web interface (cstecgi.cgi) enables arbitrary code execution via exploitation of a public-facing application.

Affected Assets

totolink
lr1200gb firmware
9.1.0u.6619_b20230130
totolink
nr1800x firmware
9.1.0u.6681_b20230703

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References