Stack Buffer Overflow in ToToLink A720R Router Firmware
CVE-2025-60685

5.1MEDIUM

Key Information:

Vendor: ToToLink
Status: A720R Router
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-60685?

A vulnerability identified in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 allows for a stack buffer overflow within the sysconf binary. This issue arises when the binary reads the /proc/stat file using fgets() and subsequently parses the line using sscanf() into a single-byte variable. If an attacker with filesystem write privileges crafts malicious content for the /proc/stat file, it could lead to the overwriting of adjacent stack memory. This exploitation potential could enable the attacker to execute arbitrary code on the router, posing a significant security risk.

References

http://totolink.com

https://www.totolink.net/

https://github.com/yifan20020708/SGTaint-0-day/blob/main/...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Sep 26, 2025

JSON