CVE-2025-60702: n/a
A command injection vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592_B20191022_ALL within the `system.so` binary. The `setDiagnosisCfg` function retrieves the `ipDoamin` parameter from user input via `websGetVar` and concatenates it directly into a `ping` system command executed via `CsteSystem()` without any sanitization. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device through specially crafted HTTP requests to the router's web interface.
AI Analysis
Technical Summary
CVE-2025-60702 identifies a critical command injection vulnerability in the TOTOLINK A950RG router firmware version V5.9c.4592_B20191022_ALL. The vulnerability exists in the system.so binary within the setDiagnosisCfg function, which processes the ipDoamin parameter obtained via websGetVar from HTTP requests. This parameter is concatenated directly into a system ping command executed by CsteSystem() without any input validation or sanitization, leading to command injection. An unauthenticated remote attacker can exploit this by sending specially crafted HTTP requests to the router's web interface, injecting arbitrary shell commands that the router executes with system privileges. This allows full control over the device, including modifying configurations, launching further attacks, or disrupting network operations. The vulnerability does not require authentication or user interaction, increasing its risk. No CVSS score is assigned yet, and no patches or known exploits are currently documented. The flaw stems from insecure coding practices in handling user input in router firmware, a common issue in embedded device security. The TOTOLINK A950RG is a consumer and small business router, and its compromise could impact home and enterprise networks where it is deployed. The lack of input sanitization in a network-facing management interface makes this vulnerability highly exploitable and dangerous.
Potential Impact
For European organizations, exploitation of this vulnerability could lead to complete compromise of affected routers, resulting in unauthorized access to internal networks, interception or manipulation of network traffic, and potential lateral movement to other systems. This could disrupt business operations, compromise sensitive data confidentiality and integrity, and degrade network availability. Small and medium enterprises using TOTOLINK A950RG routers without adequate network segmentation or security controls are particularly vulnerable. Attackers could leverage compromised routers as footholds for launching further attacks such as malware distribution, data exfiltration, or participation in botnets. Critical infrastructure or organizations with remote offices relying on these routers may face increased risk of espionage or sabotage. The unauthenticated nature of the exploit means attackers can operate stealthily without insider access, increasing the threat level. The absence of patches or mitigations at present exacerbates the risk, necessitating immediate defensive measures.
Mitigation Recommendations
1. Immediately restrict access to the router's web management interface by limiting it to trusted internal IP addresses and disabling remote management if enabled.
2. Implement network segmentation to isolate routers from critical systems and sensitive data networks.
3. Monitor network traffic for unusual HTTP requests targeting the router's web interface, especially those containing suspicious parameters or command injection patterns.
4. Replace or upgrade affected TOTOLINK A950RG routers with devices from vendors that provide timely security updates and have secure coding practices.
5. If possible, apply any firmware updates or patches once released by TOTOLINK addressing this vulnerability.
6. Use network intrusion detection/prevention systems (IDS/IPS) with signatures to detect exploitation attempts targeting this vulnerability.
7. Educate IT staff about this vulnerability to ensure rapid response and incident handling.
8. Employ strong network access controls and multi-factor authentication on management interfaces where feasible to reduce attack surface.
9. Conduct regular security audits of network devices to identify and remediate insecure configurations.
10. Consider deploying web application firewalls (WAF) or reverse proxies to filter malicious HTTP requests to router interfaces.
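The coding flaw the technical summary describes, a user-supplied host string spliced into a shell command, is shown below beside a hardened handler that validates the target against a strict hostname/IP grammar and never hands it to a shell, together with the request check that mitigations 3 and 6 call for. This is an added example written for this page in C, not TOTOLINK firmware and not the contents of `system.so`: the names `setDiagnosisCfg`, `ipDoamin` and `CsteSystem` come from the advisory, while `unsafe_ping_command`, `valid_ping_target`, `extract_param`, `request_is_suspicious`, `build_ping_argv` and `run_ping_safe` are hypothetical helpers, and the query strings in `main` are constructed samples, not captured traffic.

```c
/* Added illustrative example, not TOTOLINK code. Contrasts the pattern the
 * advisory describes (ipDoamin concatenated into a ping command run through
 * a shell by CsteSystem()) with a handler that validates the target and
 * execs ping directly, plus a request-level check usable for monitoring. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define MAX_TARGET 253   /* upper bound on the text form of a hostname */

/* Unsafe pattern, shown for contrast only and never executed here: the raw
 * parameter value ends up inside a string that a shell later parses, so any
 * shell metacharacter in it changes the command. (Hypothetical stand-in for
 * what setDiagnosisCfg does with websGetVar()/CsteSystem().) */
int unsafe_ping_command(const char *ip_domain, char *cmd, size_t cmdsz)
{
    return snprintf(cmd, cmdsz, "ping -c 4 %s", ip_domain);
}

/* Allowlist validation: letters, digits, '.', '-' and ':' (IPv6) only.
 * Whitespace, ';', '|', '&', '`', '$', quotes and newlines never pass,
 * and a leading '-' is refused so the value cannot become a ping option. */
int valid_ping_target(const char *s)
{
    size_t n;
    if (s == NULL) return 0;
    n = strlen(s);
    if (n == 0 || n > MAX_TARGET || s[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == ':')) return 0;
    }
    return 1;
}

/* Hardened replacement for the shell string: the target is one argv
 * element, so nothing ever tokenises it. Returns argc or -1 if rejected. */
int build_ping_argv(const char *target, char *argv[], size_t max)
{
    if (max < 5 || !valid_ping_target(target)) return -1;
    argv[0] = "ping"; argv[1] = "-c"; argv[2] = "4";
    argv[3] = (char *)target; argv[4] = NULL;
    return 4;
}

/* fork/execvp without a shell; returns ping's exit status or -1. */
int run_ping_safe(const char *target)
{
    char *argv[5];
    int status;
    pid_t pid;
    if (build_ping_argv(target, argv, 5) < 0) return -1;
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) { execvp(argv[0], argv); _exit(127); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Extract one parameter from a query string (the part after '?'), decoding
 * %XX escapes and '+'. Returns 1 and fills out[] if found, else 0. */
int extract_param(const char *query, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    const char *p = query;
    while (p && *p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            size_t o = 0;
            while (*v && *v != '&' && o + 1 < outsz) {
                if (*v == '%' && isxdigit((unsigned char)v[1]) &&
                    isxdigit((unsigned char)v[2])) {
                    char hex[3] = { v[1], v[2], '\0' };
                    out[o++] = (char)strtol(hex, NULL, 16);
                    v += 3;
                } else if (*v == '+') { out[o++] = ' '; v++; }
                else { out[o++] = *v++; }
            }
            out[o] = '\0';
            return 1;
        }
        p = strchr(p, '&');
        if (p) p++;
    }
    return 0;
}

/* Monitoring heuristic (mitigations 3 and 6): a request whose decoded
 * ipDoamin value is not a plausible host is worth alerting on. */
int request_is_suspicious(const char *query)
{
    char val[512];
    if (!extract_param(query, "ipDoamin", val, sizeof val)) return 0;
    return !valid_ping_target(val);
}

int main(void)
{
    /* Constructed sample query strings for demonstration. */
    const char *samples[] = { "ipDoamin=router.example.net&count=4",
                              "ipDoamin=192.0.2.10", "ipDoamin=192.0.2.10%3Bls",
                              "ipDoamin=-f", "count=4" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s %s\n", samples[i],
               request_is_suspicious(samples[i]) ? "SUSPICIOUS" : "ok");
    return 0;
}
```

The important design choice is that validation is an allowlist over what a ping target can legitimately contain rather than a blocklist of shell characters, and that the hardened path passes the value as a single `argv` element so the question of shell quoting never arises. The same validator doubles as the detection rule, which keeps alerting and enforcement consistent.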
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-09-26T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 691634ab6c6480bc32165ebe
Added to database: 11/13/2025, 7:42:35 PM
Last enriched: 11/13/2025, 7:43:15 PM
Last updated: 11/14/2025, 5:17:24 AM
Views: 11