CVE-2025-60335

7.5 HIGH

📋 TL;DR

A NULL pointer dereference vulnerability in TOTOLINK N600R routers allows attackers to crash the device via specially crafted HTTP requests, causing a Denial of Service. This affects users of TOTOLINK N600R routers running vulnerable firmware versions. The device becomes unresponsive until manually rebooted.

💻 Affected Systems

Products:
  • TOTOLINK N600R
Versions: v4.3.0cu.7866_B20220506
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects this specific firmware version. Other TOTOLINK models or different firmware versions may not be vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Persistent DoS rendering the router completely inoperable, requiring physical reset and disrupting all network connectivity for connected devices.

🟠 Likely Case

Temporary service disruption where the router crashes and requires reboot, causing network downtime for minutes to hours.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring allowing quick detection and recovery.

🌐 Internet-Facing: HIGH - The vulnerability is triggered via HTTP requests and routers are typically internet-facing devices.
🏢 Internal Only: MEDIUM - Could be exploited from internal networks if attacker gains access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof of concept is available on GitHub showing how to trigger the NULL pointer dereference via an HTTP request with a specific CONTENT-LENGTH header.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

1. Check the TOTOLINK website for firmware updates.
2. Download the latest firmware for the N600R.
3. Access the router admin interface.
4. Navigate to the firmware upgrade section.
5. Upload and apply the new firmware.
6. Wait for the router to reboot.

🔧 Temporary Workarounds

HTTP Request Filtering

Platform: all

Block or filter HTTP requests with abnormal CONTENT-LENGTH headers at network perimeter

Access Restriction

Platform: linux

Restrict HTTP/HTTPS access to router management interface to trusted IPs only

# These rules must come before any broad ACCEPT rule in INPUT: -A appends, so
# use -I (insert at the top) or reorder the chain if an earlier rule already accepts all traffic.
iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
# Everything else to the management ports is dropped. Replace TRUSTED_IP with the
# real admin host/subnet first, or the next two rules lock out every admin host.
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Segment router management interface to isolated VLAN with strict access controls
  • Implement network monitoring for abnormal HTTP traffic patterns targeting router IP

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface. If the version is exactly v4.3.0cu.7866_B20220506, the device is vulnerable.

Check Version:

Check the router web interface at http://[router-ip]/ or use an nmap scan: nmap -sV -p 80,443 [router-ip]. Note that nmap -sV identifies the HTTP service, not the firmware build string, so the web interface remains the authoritative version check.

Verify Fix Applied:

After firmware update, verify version has changed from v4.3.0cu.7866_B20220506 to newer version.

📡 Detection & Monitoring

Log Indicators:

  • Router crash/reboot logs
  • HTTP requests with abnormal CONTENT-LENGTH values
  • Failed HTTP connections to router management interface

Network Indicators:

  • HTTP requests to router IP with CONTENT-LENGTH header manipulation
  • Sudden loss of connectivity to router

SIEM Query:

(source="router_logs" AND (event="crash" OR event="reboot")) OR (http.request.uri contains "/" AND http.headers.content_length > [threshold])
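The log and network indicators above reduce to one check: requests to the router's management address whose CONTENT-LENGTH value is not a plain non-negative integer, or exceeds the site's threshold. The following is an added example, not code from the advisory or from TOTOLINK, that runs that check over constructed sample log lines. The key=value log format, the management address 192.168.0.1 and the 10,000-byte threshold (the advisory's "[threshold]") are assumptions to adapt to your environment.

```python
import re

# Assumed values (constructed for this example, not taken from the advisory).
ROUTER_IP = "192.168.0.1"          # management address of the N600R
MAX_CONTENT_LENGTH = 10_000        # the advisory's "[threshold]"; tune per site

# Assumed log line format: a timestamp followed by key=value pairs, with the
# Content-Length header value quoted so that odd values survive intact.
LOG_RE = re.compile(
    r'^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) method=(?P<method>\S+) '
    r'uri=(?P<uri>\S+)(?: content_length="(?P<cl>[^"]*)")?$'
)

# Constructed sample lines: one benign GET, one benign POST, several malformed
# Content-Length values aimed at the router, and one aimed at another host.
SAMPLE_LOG = """\
2025-01-01T10:00:00Z src=192.168.0.20 dst=192.168.0.1 method=GET uri=/
2025-01-01T10:00:01Z src=192.168.0.20 dst=192.168.0.1 method=POST uri=/ content_length="57"
2025-01-01T10:00:02Z src=203.0.113.9 dst=192.168.0.1 method=POST uri=/ content_length="-1"
2025-01-01T10:00:03Z src=203.0.113.9 dst=192.168.0.1 method=POST uri=/ content_length="99999999999"
2025-01-01T10:00:04Z src=203.0.113.9 dst=192.168.0.1 method=POST uri=/ content_length="abc"
2025-01-01T10:00:05Z src=203.0.113.9 dst=192.168.0.1 method=POST uri=/ content_length=""
2025-01-01T10:00:06Z src=203.0.113.9 dst=10.0.0.7 method=POST uri=/ content_length="-5"
2025-01-01T10:00:07Z src=203.0.113.9 dst=192.168.0.1 method=POST uri=/ content_length="1, 2"
"""


def classify_content_length(raw):
    """Return None for a well-formed, in-range Content-Length, else a reason string.

    A valid value is 1*DIGIT (ASCII digits only); negatives, signs, hex, list
    values and empty strings are all abnormal by that definition.
    """
    if raw is None:                     # header absent: nothing to judge
        return None
    value = raw.strip()
    if value == "":
        return "empty Content-Length"
    if not re.fullmatch(r"[0-9]+", value):
        return "non-numeric Content-Length"
    if int(value) > MAX_CONTENT_LENGTH:
        return "Content-Length above threshold"
    return None


def scan_log(text, router_ip=ROUTER_IP):
    """Return findings for requests to router_ip carrying an abnormal Content-Length."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["dst"] != router_ip:   # unparseable or not aimed at the router
            continue
        reason = classify_content_length(m["cl"])
        if reason:
            findings.append({"ts": m["ts"], "src": m["src"],
                             "value": m["cl"], "reason": reason})
    return findings


def sources_by_finding_count(findings):
    """Rank source addresses by number of findings, most active first."""
    counts = {}
    for f in findings:
        counts[f["src"]] = counts.get(f["src"], 0) + 1
    return sorted(counts.items(), key=lambda kv: -kv[1])


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["src"]} -> {h["reason"]} (value={h["value"]!r})')
    print("top sources:", sources_by_finding_count(hits))
```

Run against the constructed sample, five of the eight lines are flagged; the request to 10.0.0.7 is ignored because the check is scoped to the router's address, which keeps the alert tied to the device the advisory covers. Pair a hit with a router crash or reboot event in the same window to raise confidence before escalating.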
