CVE & Exploit Intelligence Database

CVE-2025-60686 5.1 MEDIUM 1 Writeup EPSS 0.00

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution.

CWE-121 Nov 13, 2025

CVE-2025-60685 5.1 MEDIUM 1 Writeup EPSS 0.00

A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device.

CWE-121 Nov 13, 2025

CVE-2025-60683 6.5 MEDIUM 1 Writeup EPSS 0.15

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface reinitialization from '/var/system/linux_vlan_reinit'. Input is only partially validated by checking the prefix of interface names, and is concatenated into shell commands executed via system() without escaping. An attacker with write access to this file can execute arbitrary commands on the device.

CWE-77 Nov 13, 2025

CVE-2025-60682 6.5 MEDIUM 1 Writeup EPSS 0.02

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell commands and executed via system() without any sanitization or escaping. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device.

CWE-77 Nov 13, 2025

CVE-2025-9303 8.8 HIGH 1 Writeup EPSS 0.01

A security flaw has been discovered in TOTOLINK A720R 4.1.5cu.630_B20250509. This issue affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument desc results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

CWE-119 Aug 21, 2025

CVE-2025-4271 5.3 MEDIUM 1 Writeup EPSS 0.00

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CWE-284 May 05, 2025

CVE-2025-4270 5.3 MEDIUM EXPLOITED 1 Writeup EPSS 0.00

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CWE-284 May 05, 2025

CVE-2025-4269 6.5 MEDIUM 1 Writeup EPSS 0.00

A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with the input clearDiagnosisLog/clearSyslog/clearTracerouteLog leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CWE-284 May 05, 2025

CVE-2025-4268 5.3 MEDIUM 1 Writeup EPSS 0.00

A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CWE-287 May 05, 2025

CVE-2024-8869 5.0 MEDIUM EPSS 0.00

A vulnerability classified as critical has been found in TOTOLINK A720R 4.1.5. Affected is the function exportOvpn. The manipulation leads to os command injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

CWE-78 Sep 15, 2024

CVE-2023-23064 9.8 CRITICAL 1 Writeup EPSS 0.00

TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.

CWE-863 Feb 17, 2023

CVE-2022-38535 7.2 HIGH 1 Writeup EPSS 0.04

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.

CWE-78 Sep 15, 2022

CVE-2022-38534 7.2 HIGH 1 Writeup EPSS 0.04

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.

CWE-78 Sep 15, 2022

CVE-2022-36610 7.8 HIGH 1 Writeup EPSS 0.00

TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

CWE-798 Aug 29, 2022

CVE-2022-36456 7.8 HIGH EPSS 0.01

TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.

CWE-78 Aug 25, 2022

CVE-2021-43662 6.5 MEDIUM 1 Writeup EPSS 0.00

totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.

CWE-770 Mar 31, 2022

CVE-2021-45742 9.8 CRITICAL EPSS 0.19

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.

CWE-77 Feb 04, 2022

CVE-2021-45740 9.8 CRITICAL EPSS 0.01

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the setWiFiWpsStart function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the pin parameter.

Feb 04, 2022

CVE-2021-45739 7.5 HIGH EPSS 0.00

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the flag parameter.

Feb 04, 2022

CVE-2021-45737 7.5 HIGH EPSS 0.00

TOTOLINK A720R v4.1.5cu.470_B20200911 was discovered to contain a stack overflow in the Form_Login function. This vulnerability allows attackers to cause a Denial of Service (DoS) via the Host parameter.

Feb 04, 2022