CVE-2025-60686 – This vulnerability allows local attackers to tr... (How to Fix)

Q: What is the severity of CVE-2025-60686?

CVE-2025-60686 has a CVSS score of 5.1 (MEDIUM). This vulnerability allows local attackers to trigger stack-based buffer overflows in ToToLink router firmware by manipulating ARP table data. Attackers can cause denial of service or potentially execute arbitrary code on affected routers. Users of specific ToToLink router models with vulnerable firmware versions are affected.

📋 TL;DR

This vulnerability allows local attackers to trigger stack-based buffer overflows in ToToLink router firmware by manipulating ARP table data. Attackers can cause denial of service or potentially execute arbitrary code on affected routers. Users of specific ToToLink router models with vulnerable firmware versions are affected.

💻 Affected Systems

Products:

ToToLink A720R
ToToLink LR1200GB
ToToLink NR1800X

Versions: A720R V4.1.5cu.614_B20230630, LR1200GB V9.1.0u.6619_B20230130, NR1800X V9.1.0u.6681_B20230703

Operating Systems: Embedded Linux firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in default configurations of affected firmware versions.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with root privileges leading to complete router compromise, persistence, and network infiltration.

🟠

Likely Case

Router crash and denial of service requiring physical reset or power cycle.

🟢

If Mitigated

Limited to denial of service if exploit attempts are detected and blocked.

🌐 Internet-Facing: LOW - Requires local access to router interface or network.

🏢 Internal Only: MEDIUM - Attackers on local network can exploit if they gain ability to manipulate ARP table.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploit requires local access and ability to manipulate /proc/net/arp contents. Public GitHub repository contains proof-of-concept.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: Yes

Instructions:

1. Check ToToLink website for firmware updates. 2. Download latest firmware for your model. 3. Access router admin interface. 4. Navigate to firmware upgrade section. 5. Upload and apply new firmware. 6. Reboot router.

🔧 Temporary Workarounds

Restrict ARP table manipulation

linux

Implement network controls to prevent unauthorized ARP table modifications

arp -s <IP> <MAC> (static ARP entries)
iptables -A INPUT -p ARP -j DROP (block ARP if not needed)

Network segmentation

all

Isolate router management interface from untrusted networks

🧯 If You Can't Patch

Replace affected routers with updated models or different vendors
Implement strict network access controls and monitor for ARP spoofing attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface matches affected versions. Examine /proc/net/arp file permissions and contents.

Check Version:

cat /proc/version or check router web interface system info

Verify Fix Applied:

Verify firmware version has been updated to a version later than affected versions. Test if ARP table manipulation triggers crashes.

📡 Detection & Monitoring

Log Indicators:

Router crash/reboot logs
ARP table corruption warnings
Memory violation errors in system logs

Network Indicators:

Unusual ARP traffic patterns
Router becoming unresponsive
Multiple ARP requests from single source

SIEM Query:

source="router_logs" AND ("crash" OR "reboot" OR "buffer overflow" OR "segmentation fault")

📊 Metadata

CVE ID: CVE-2025-60686

CVSS v3 Score: 5.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CWE: CWE-121

EPSS Score: 0.02% exploit probability (5.8th percentile)

Published: November 13, 2025

Last Updated: November 19, 2025

🔗 References

http://totolink.com Broken Link
https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-A720R/CVE-2025-60686.md Exploit,Third Party Advisory
https://www.totolink.net/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-60686, you might also want to check these: