CVE-2025-60699
BaseFortify
Publication date: 2025-11-13
Last updated on: 2025-11-18
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | a950rg_firmware | 5.9c.4592_b20191022 |
| totolink | a950rg | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow in the TOTOLINK A950RG Router firmware. Specifically, in the 'global.so' binary, the 'getSaveConfig' function copies user-supplied 'http_host' data into a fixed-size buffer without checking its length. An unauthenticated remote attacker can send a specially crafted HTTP request to exploit this flaw, potentially causing arbitrary code execution on the router.
How can this vulnerability impact me?
Exploiting this vulnerability can allow an unauthenticated remote attacker to execute arbitrary code on the affected router. This could lead to full compromise of the device, unauthorized access to network traffic, disruption of network services, or use of the router as a foothold for further attacks within the network.