How to fix CVE-2025-5734?

Within 24 hours: Identify and inventory all TOTOLIK X15 devices running version 1.0.0-B20230714.1105 in your environment and isolate affected units from critical network segments. Within 7 days: Implement network-based mitigations (WAF rules blocking POST requests to /boafrm/formWlanRedirect with suspicious redirect-url parameters) and restrict HTTP access to affected devices to authorized administrators only. Within 30 days: Replace vulnerable devices with alternative equipment from vendors with active security support, or await vendor patch release and deploy immediately upon availability.

Is X15 Firmware affected by CVE-2025-5734?

A critical remote code execution vulnerability affecting TOTOLINK X15 routers has been publicly disclosed with no patch currently available.

CVE-2025-5734

EUVD-2025-17096 HIGH

2025-06-06 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17096

CVE Published

Jun 06, 2025 - 08:15 nvd

HIGH 8.8

Description

A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formWlanRedirect endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'redirect-url' parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit code available, significantly increasing real-world exploitation risk.

Technical Context

The vulnerability exists in the HTTP POST request handler component of TOTOLINK's web-based management interface, specifically in the /boafrm/formWlanRedirect endpoint. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where user-supplied input via the 'redirect-url' parameter is not properly validated for length before being written to a fixed-size stack or heap buffer. This affects embedded router firmware running on TOTOLINK X15 devices (CPE likely: cpe:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*). The boafrm framework is a common web form handler in TOTOLINK devices; the improper bounds checking allows an attacker to overflow adjacent memory and potentially overwrite return addresses or function pointers to gain code execution.

Affected Products

X15 Router (['1.0.0-B20230714.1105'])

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.4

CVSS: +44

POC: 0

CVE-2025-5734 vulnerability details – vuln.today

Back

CVE-2025-5734

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-5734

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code