CVE-2025-60686: n/a
A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, and NR1800X V9.1.0u.6681_B20230703). Both programs parse the contents of /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation. Specifically, one function writes user-controlled data into a single-byte buffer, and the other into adjacent small arrays without bounds checking. An attacker who controls the contents of /proc/net/arp can trigger memory corruption, leading to denial of service or potential arbitrary code execution.
AI Analysis
Technical Summary
CVE-2025-60686 is a stack-based buffer overflow vulnerability affecting two CGI binaries—infostat.cgi and cstecgi.cgi—on specific ToToLink router models (A720R, LR1200GB, NR1800X). Both binaries parse the contents of the /proc/net/arp file using sscanf() calls with "%s" format specifiers, which do not enforce length limits on input strings. This results in user-controlled data being copied into fixed-size stack buffers without bounds checking. One vulnerable function writes data into a single-byte buffer, while the other writes into adjacent small arrays, causing memory corruption. An attacker who can manipulate the contents of /proc/net/arp locally can trigger this overflow, potentially causing a denial of service or enabling arbitrary code execution. The attack vector requires local access but no privileges or user interaction, making it a local privilege escalation or local denial of service risk. The vulnerability is classified under CWE-121 (stack-based buffer overflow). The CVSS 3.1 base score is 5.1, reflecting medium severity due to local attack vector and limited impact on confidentiality and integrity but possible availability impact. No patches or known exploits are currently available, emphasizing the need for proactive mitigation.
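The bounded-width form of the sscanf() parsing described above, as an added example; it is not code from the ToToLink firmware or from this advisory. The struct, the function name `parse_arp_line` and the buffer sizes are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Buffer sizes are assumptions for this example, not firmware values. */
#define IP_LEN  46   /* textual IPv4/IPv6 address + NUL */
#define MAC_LEN 18   /* "aa:bb:cc:dd:ee:ff" + NUL */
#define DEV_LEN 16   /* Linux IFNAMSIZ */

struct arp_entry {
    char ip[IP_LEN], mac[MAC_LEN], dev[DEV_LEN];
    unsigned int hw_type, flags;
};

/* Unsafe pattern from the advisory: sscanf(line, "%s ...", buf) copies the
 * whole token regardless of sizeof(buf).
 * Hardened form: each %s carries a width of sizeof(buf) - 1 (45, 17, 7, 15
 * below), and a line with an over-long token is rejected, not truncated.
 * Returns 0 on success, -1 on a malformed or over-long line. */
int parse_arp_line(const char *line, struct arp_entry *out)
{
    char mask[8];
    int end = 0;

    memset(out, 0, sizeof(*out));
    int n = sscanf(line, "%45s %x %x %17s %7s %15s%n",
                   out->ip, &out->hw_type, &out->flags,
                   out->mac, mask, out->dev, &end);
    if (n != 6)
        return -1;   /* header line or missing fields */

    /* A token longer than its width spills into the next conversion and
     * leaves unparsed text behind; only trailing whitespace is acceptable. */
    if (line[end + strspn(line + end, " \t\r\n")] != '\0')
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample row in /proc/net/arp layout. */
    const char *row = "192.168.1.1  0x1  0x2  aa:bb:cc:dd:ee:ff  *  br0\n";
    struct arp_entry e;
    if (parse_arp_line(row, &e) == 0)
        printf("%s %s %s\n", e.ip, e.mac, e.dev);
    return 0;
}
```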
Potential Impact
For European organizations, the impact of CVE-2025-60686 primarily involves potential denial of service or local compromise of affected ToToLink routers. Disruption of router functionality can lead to network outages, impacting business continuity and operational availability. In scenarios where attackers achieve arbitrary code execution, they could pivot within internal networks, compromising sensitive data or disrupting services. Given the local access requirement, the threat is more significant in environments where attackers have physical or network-level access to the router's management interfaces or where internal threat actors exist. Critical infrastructure, enterprises, and service providers using these ToToLink models could face increased risk of service degradation or targeted attacks. The medium CVSS score reflects moderate risk, but the potential for exploitation in sensitive environments warrants attention. Lack of available patches increases exposure duration, especially in organizations with slow update cycles.
Mitigation Recommendations
Organizations should immediately inventory their network infrastructure to identify any affected ToToLink router models (A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, NR1800X V9.1.0u.6681_B20230703). Until official patches are released, mitigate risk by restricting local access to router management interfaces and limiting who can manipulate /proc/net/arp contents. Implement network segmentation to isolate routers from untrusted internal users and devices. Disable or restrict access to vulnerable CGI binaries if possible. Monitor router logs for unusual activity indicative of exploitation attempts. Employ host-based intrusion detection systems to detect anomalous behavior on routers. Engage with ToToLink support channels to obtain updates or patches promptly. Consider replacing vulnerable devices with models that have confirmed security updates if mitigation is not feasible. Regularly review and harden router configurations to minimize attack surface.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6916001feb29b6dceb02d49f
Added to database: 11/13/2025, 3:58:23 PM
Last enriched: 11/20/2025, 4:16:02 PM
Last updated: 12/28/2025, 11:05:01 PM