๐Ÿ” CVE Alert

CVE-2025-60687

MEDIUM 6.5
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
0th

An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB Router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long. The parameter is then directly inserted into a system command using sprintf() and executed with system(). Maliciously crafted IMEI input can execute arbitrary commands on the router without authentication.

Vendor n/a
Product n/a
Published Nov 13, 2025
Last Updated Jul 5, 2026
Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new medium vulnerabilities affecting n/a n/a are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

n/a / n/a
n/a

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
totolink.net: https://www.totolink.net/ github.com: https://github.com/yifan20020708/SGTaint-0-day/blob/main/ToToLink/ToToLink-LR1200GB/CVE-2025-60687.md