CVE-2025-60687: n/a
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is then directly inserted into a system command using sprintf() and executed with system(). Maliciously crafted IMEI input can execute arbitrary commands on the router without authentication.
AI Analysis
Technical Summary
CVE-2025-60687 is a command injection vulnerability found in the ToToLink LR1200GB Router firmware version 9.1.0u.6619_B20230130. The flaw resides in the cstecgi.cgi binary, within the sub_41EC68 function, which processes the 'imei' parameter from incoming web requests. The parameter is only validated for length (15 characters) but is then unsafely incorporated into a system command using sprintf() and executed via the system() call. This lack of proper input sanitization allows an unauthenticated attacker to craft a malicious 'imei' value that injects arbitrary shell commands, resulting in remote code execution on the router. The vulnerability does not require any authentication or user interaction, making it exploitable remotely over the network. The CVSS 3.1 base score is 6.5, reflecting medium severity with impacts primarily on confidentiality and integrity, but no direct availability impact. The vulnerability is categorized under CWE-77 (Improper Neutralization of Special Elements used in a Command). No patches or official fixes have been linked yet, and no known exploits are reported in the wild. This vulnerability could allow attackers to gain control over the router, manipulate network traffic, or pivot into internal networks, especially in environments where these routers are deployed as gateways or access points.
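The length-only check the summary describes, placed beside a hardened validator and a shell-free way to hand the value on; this is an added illustration in C, not code from the cstecgi.cgi binary, and the helper path IMEI_TOOL is an assumed placeholder.

```c
#include <ctype.h>
#include <stdbool.h>
#include <string.h>

#define IMEI_LEN 15
/* Assumed placeholder for whatever helper the CGI runs; not the firmware's real path. */
#define IMEI_TOOL "/usr/sbin/imei-tool"
/* The check the advisory describes: length only, so any 15-byte string passes,
 * including one carrying shell metacharacters. */
bool imei_length_only_check(const char *imei)
{
    return imei != NULL && strlen(imei) == IMEI_LEN;
}

/* Luhn check over a digit string; the 15th IMEI digit is a Luhn check digit. */
static bool luhn_ok(const char *digits, size_t n)
{
    int sum = 0;
    for (size_t i = 0; i < n; i++) {
        int d = digits[n - 1 - i] - '0';
        if (i % 2 == 1) { d *= 2; if (d > 9) d -= 9; } /* double every 2nd digit from the right */
        sum += d;
    }
    return sum % 10 == 0;
}

/* Hardened check: exactly 15 ASCII digits with a valid Luhn check digit.
 * Anything else, including any byte a shell would interpret, is rejected. */
bool imei_is_valid(const char *imei)
{
    if (imei == NULL || strlen(imei) != IMEI_LEN)
        return false;
    for (size_t i = 0; i < IMEI_LEN; i++)
        if (!isdigit((unsigned char)imei[i]))
            return false;
    return luhn_ok(imei, IMEI_LEN);
}

/* Instead of sprintf() into a command line for system(), hand the validated value to
 * the helper as its own execv() argument, so no shell ever parses it.
 * Returns 0 and fills argv on success, -1 if the IMEI was rejected. */
int build_imei_argv(const char *imei, const char *argv[3])
{
    if (!imei_is_valid(imei))
        return -1;
    argv[0] = IMEI_TOOL;
    argv[1] = imei;
    argv[2] = NULL;
    return 0;
}
```

The sample IMEI 490154203237518 used in the checks below is a constructed test value whose last digit satisfies the Luhn rule.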
Potential Impact
For European organizations, exploitation of this vulnerability could lead to unauthorized control over network routers, enabling attackers to intercept, modify, or redirect network traffic, potentially compromising sensitive data confidentiality and integrity. Small and medium enterprises or home office setups using ToToLink LR1200GB routers are particularly at risk, as these devices often lack advanced security monitoring. Compromised routers could serve as footholds for lateral movement within corporate networks or be used to launch further attacks such as man-in-the-middle or DNS hijacking. The absence of authentication requirements increases the risk of widespread exploitation if the device is exposed to the internet. Although no availability impact is directly indicated, attackers could disrupt network operations indirectly by modifying configurations or injecting malicious commands. The medium severity score suggests a significant but not critical threat, yet the ease of exploitation and potential for persistent compromise warrant urgent attention.
Mitigation Recommendations
Organizations should immediately assess their network environments for the presence of ToToLink LR1200GB routers running the vulnerable firmware version 9.1.0u.6619_B20230130. Since no official patches are currently linked, mitigation should include isolating affected routers from direct internet exposure by implementing firewall rules or network segmentation. Disable remote management interfaces if not required, and restrict access to trusted IP addresses only. Monitor network traffic for unusual patterns or command injection attempts targeting the 'imei' parameter. Consider replacing vulnerable devices with models from vendors providing timely security updates. Additionally, implement network-level intrusion detection systems (IDS) capable of detecting command injection signatures and anomalous router behavior. Maintain up-to-date inventories of network devices and firmware versions to facilitate rapid response when patches become available.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6915fe5477eaf5a849603934
Added to database: 11/13/2025, 3:50:44 PM
Last enriched: 11/20/2025, 4:16:18 PM
Last updated: 1/7/2026, 4:48:27 AM