CVE-2025-46060
BaseFortify
Publication date: 2025-06-13
Last updated on: 2025-06-16
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | n600r_firmware | 4.3.0cu.7866_b2022506 |
| totolink | n600r | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the TOTOLINK N600R router firmware version V4.3.0cu.7866. It occurs in the `cstecgi.cgi` executable when the `UPLOAD_FILENAME` environment variable is used without proper bounds checking. An attacker can supply an excessively long filename string, causing the buffer to overflow and overwrite critical control data on the stack, such as the return address. This flaw allows a remote attacker to execute arbitrary code on the device. [1]
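A bounds-checked way to take a filename from `UPLOAD_FILENAME`, as an added example that is not TOTOLINK's code and not part of the original advisory. The function name, the 64-byte buffer size and the unbounded `strcpy` pattern shown in the comment are assumptions, since the page does not include the firmware's source.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for setenv() and strnlen() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_BUF 64   /* assumed buffer size; the real one is not on the page */

/* Unbounded copy of the kind CWE-120 describes (hypothetical, for contrast):
 *     char name[NAME_BUF];
 *     strcpy(name, getenv("UPLOAD_FILENAME"));   // input length never checked
 */

/* Hardened form: copy UPLOAD_FILENAME into dst only if it fits.
 * Returns 0 on success, -1 if unset/empty or dst unusable, -2 if too long. */
int copy_upload_filename(char *dst, size_t dstsz)
{
    const char *src;
    size_t len;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';                   /* dst is always a valid empty string on failure */

    src = getenv("UPLOAD_FILENAME");
    if (src == NULL || src[0] == '\0')
        return -1;

    len = strnlen(src, dstsz);       /* never scans more than dstsz bytes */
    if (len >= dstsz)                /* no room for the terminator: reject, do not truncate */
        return -2;

    memcpy(dst, src, len + 1);       /* len + 1 <= dstsz, terminator included */
    return 0;
}

int main(void)
{
    char name[NAME_BUF];
    char longname[4 * NAME_BUF];

    memset(longname, 'A', sizeof longname - 1);    /* constructed over-long value */
    longname[sizeof longname - 1] = '\0';
    setenv("UPLOAD_FILENAME", longname, 1);
    printf("over-long: %d\n", copy_upload_filename(name, sizeof name));
    setenv("UPLOAD_FILENAME", "firmware.bin", 1);  /* constructed normal value */
    printf("normal: %d (%s)\n", copy_upload_filename(name, sizeof name), name);
    return 0;
}
```

Rejecting an over-long value outright, rather than truncating it, keeps a later code path from acting on a filename the client never sent.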
How can this vulnerability impact me?
This vulnerability can allow a remote attacker to execute arbitrary code on the affected TOTOLINK N600R router. This means the attacker could potentially take full control of the device, leading to unauthorized access, disruption of network services, interception or manipulation of network traffic, and further compromise of connected systems. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the TOTOLINK N600R router is running firmware version V4.3.0cu.7866_B20220506 and by testing the vulnerable CGI binary `cstecgi.cgi` for a buffer overflow via the `UPLOAD_FILENAME` environment variable. A practical detection method involves simulating or monitoring for unusually long `UPLOAD_FILENAME` values in requests to the router's CGI interface, for example by using a tool like curl or a custom script to send requests with a very long `UPLOAD_FILENAME` parameter and observing whether the device crashes or behaves unexpectedly. Debugging tools like `gdb-multiarch` can be used in an emulated environment (e.g., QEMU) to confirm the overflow. Specific commands are not provided, but the approach involves sending crafted HTTP requests with long `UPLOAD_FILENAME` values and monitoring the device's response or stability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable firmware version V4.3.0cu.7866_B20220506 on TOTOLINK N600R routers. If possible, upgrade to a patched firmware version once available from the vendor. As a temporary measure, restrict access to the router's web interface or CGI endpoints from untrusted networks to prevent exploitation via the `UPLOAD_FILENAME` parameter. Monitoring and filtering HTTP requests to block suspiciously long filenames or malformed requests targeting the CGI interface can also help reduce risk. [1]