TOTOLINK A720R Command Injection Vulnerability (CNVD-2025-29711)

TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK with dual-band Wi-Fi capabilities, focusing on high-speed internet and signal coverage. The TOTOLINK A720R suffers from a command injection vulnerability that stems from insufficient validation of the sysconf binary when...

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

EUVD-2025-175311

A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the sysconf binary sub401EE0 function. The binary reads the /proc/stat file using fgets into a local buffer and subsequently parses the line using sscanf into a single-byte variable with the %s forma...

PT-2025-46879

Name of the Vulnerable Software and Affected Versions D-Link DIR-823G router firmware version DIR823G V1.0.2B05 20181207.bin Description A command injection issue exists in the D-Link DIR-823G router firmware. The timelycheck and sysconf binaries process the /var/system/linux vlan reinit file. Th...

CVE-2025-60685

A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the sysconf binary sub401EE0 function. The binary reads the /proc/stat file using fgets into a local buffer and subsequently parses the line using sscanf into a single-byte variable with the %s forma...

CVE-2025-60671

CVE-2025-60671 affects the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin, via command injection in timelycheck and sysconf processing /var/system/linux_vlan_reinit. Root cause: content read from that file is only partially validated for a prefix and then formatted with vsnprintf(...

CVE-2025-60675

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823GV1.0.2B0520181207.bin in the timelycheck and sysconf binaries, which process the /tmp/newqos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenated...

PT-2025-46844

A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614 B20230630 within the sysconf binary, specifically in the sub 40BFA4 function that handles network interface reinitialization from '/var/system/linux vlan reinit'. Input is only partially validated by...

D-Link DIR-823G 安全漏洞

The D-Link DIR-823G is a wireless router from China's AUO D-Link. The D-Link DIR-823G suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the device...

PT-2025-46888

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G V1.0.2B05 20181207.bin in the timelycheck and sysconf binaries, which process the /tmp/new qos.rule configuration file. The vulnerability occurs because parsed fields from the configuration file are concatenat...