CVE-2025-60699

6.5 MEDIUM

📋 TL;DR

This CVE describes a buffer overflow vulnerability in TOTOLINK A950RG router firmware that allows unauthenticated remote attackers to execute arbitrary code. Attackers can exploit it by sending specially crafted HTTP requests to the router's web interface. All users of affected router firmware versions are vulnerable.

💻 Affected Systems

Products:
  • TOTOLINK A950RG Router
Versions: Firmware V5.9c.4592_B20191022_ALL
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration. The web interface is typically enabled and accessible by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete router compromise allowing an attacker to install persistent malware, intercept all network traffic, pivot to internal networks, and potentially brick the device.

🟠 Likely Case

Router takeover leading to DNS hijacking, credential theft from network traffic, and enrolment of the device as a botnet node for DDoS attacks.

🟢 If Mitigated

Limited impact if the router is behind a firewall with restricted web interface access, though it remains vulnerable to threats from inside the network.

🌐 Internet-Facing: HIGH - Router web interfaces are typically internet-facing by default, allowing direct remote exploitation.
🏢 Internal Only: MEDIUM - Internal attackers on the network can still exploit the vulnerability to compromise the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public GitHub repositories contain detailed analysis and likely exploit code. The vulnerability requires only HTTP requests to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.totolink.net/

Restart Required: Yes

Instructions:

1. Check the vendor website for firmware updates
2. Download the latest firmware
3. Access the router admin interface
4. Navigate to the firmware upgrade section
5. Upload and apply the new firmware
6. Reboot the router

🔧 Temporary Workarounds

Disable Web Interface Remote Access (applies to: all)

Disable remote administration/WAN access to the router web interface

Network Segmentation (applies to: all)

Place the router on an isolated management network segment

🧯 If You Can't Patch

  • Replace router with different model/brand
  • Implement strict firewall rules blocking all external access to router web interface (ports 80/443)

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version in the admin interface. If the version is V5.9c.4592_B20191022_ALL, the device is vulnerable.

Check Version:

Log in to the router web interface and check the System Status or Firmware Information page

Verify Fix Applied:

Verify that the firmware version has been updated to a version newer than V5.9c.4592_B20191022_ALL.

📡 Detection & Monitoring

Log Indicators:

  • Unusually long HTTP requests to router web interface
  • Multiple failed login attempts followed by buffer overflow patterns

Network Indicators:

  • HTTP POST requests with abnormally long http_host parameters
  • Traffic to router web interface from unexpected external IPs

SIEM Query:

source="router_logs" AND ((uri="*http_host=*" AND length(uri)>1000) OR (event_type="buffer_overflow" AND device_type="router"))
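As an added defender-side example that is not part of the original page, the two network indicators above (abnormally long http_host parameters in POST requests, and access from unexpected external IPs) checked over a few constructed log lines in Python; the log line format, the /cgi-bin/handler.cgi path and the 255-byte threshold are assumptions, not values from the advisory.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Hypothetical threshold for an "abnormally long" http_host value; tune per environment.
HTTP_HOST_MAX_LEN = 255

# Only RFC 1918 ranges count as internal; documentation ranges such as 203.0.113.0/24
# are deliberately treated as external here.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log lines in an assumed "src_ip METHOD uri [body]" format.
SAMPLE_LOGS = [
    "192.168.1.50 GET /status.html",
    "192.168.1.50 POST /cgi-bin/handler.cgi http_host=router.lan&lang=en",
    "203.0.113.7 POST /cgi-bin/handler.cgi http_host=" + "A" * 600,
    "10.0.0.9 POST /cgi-bin/handler.cgi http_host=" + "B" * 300 + "&x=1",
]


def http_host_length(uri: str, body: str) -> int:
    """Return the length of the longest http_host value in the query string or POST body."""
    longest = 0
    for source in (urlsplit(uri).query, body):
        for value in parse_qs(source, keep_blank_values=True).get("http_host", []):
            longest = max(longest, len(value))
    return longest


def is_internal(ip: str) -> bool:
    """True when the source address falls inside an RFC 1918 range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def analyze(line: str) -> list[str]:
    """Parse one log line and return the indicator names it triggers (empty if benign)."""
    parts = line.split(" ", 3)
    if len(parts) < 3:
        return ["unparseable"]
    src, method, uri = parts[:3]
    body = parts[3] if len(parts) == 4 else ""
    findings = []
    if method == "POST" and http_host_length(uri, body) > HTTP_HOST_MAX_LEN:
        findings.append("long_http_host")
    if not is_internal(src):
        findings.append("external_source")
    return findings


def scan(lines: list[str]) -> dict[int, list[str]]:
    """Map line index to its findings, keeping only lines that triggered something."""
    return {i: f for i, f in ((i, analyze(l)) for i, l in enumerate(lines)) if f}
```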
