Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the NTP configuration handler (/boafrm/formNtp). An authenticated attacker can remotely trigger a buffer overflow via the 'submit-url' parameter in HTTP POST requests, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets active exploitation criteria.
Technical ContextAI
The vulnerability resides in the HTTP POST request handler for NTP (Network Time Protocol) configuration in TOTOLINK X15 routers. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a classic buffer overflow condition where user-supplied input from the 'submit-url' parameter is written to a fixed-size buffer without proper bounds checking. The affected component is the web administration interface running on the device, likely a proprietary firmware management service. The /boafrm/formNtp endpoint processes NTP settings but fails to validate input length, allowing attackers to overflow the heap or stack and corrupt adjacent memory structures, potentially achieving arbitrary code execution within the router's privileged context.
RemediationAI
Immediate action required: (1) Check TOTOLINK security advisories and firmware releases for patched versions beyond 1.0.0-B20230714.1105; (2) If patched firmware is available, schedule immediate deployment to all affected X15 devices, prioritizing production/critical infrastructure deployments; (3) Interim mitigations pending patch availability: restrict access to the web administration interface to trusted IP addresses only via firewall/access control lists; disable remote management features if not required; implement network segmentation to isolate router management traffic; enforce strong authentication credentials (non-default passwords) and consider disabling HTTP access in favor of HTTPS-only with certificate pinning; (4) Monitor device logs for POST requests to /boafrm/formNtp with abnormally large 'submit-url' parameter values, which may indicate exploitation attempts; (5) Contact TOTOLINK support (http://www.totolink.net or regional support channels) for patch availability and advisories; (6) Consider replacement with alternative vendor solutions if TOTOLINK does not provide timely security updates.
More in X15 Firmware
View allA buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST r
Critical remote buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting t
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown
CVE-2025-6399 is a critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105)
CVE-2025-6402 is a critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affectin
A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this
Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST req
Critical buffer overflow vulnerability in TOTOLINK X15 router firmware version 1.0.0-B20230714.1105, affecting the HTTP
Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST req
Critical buffer overflow vulnerability in TOTOLINK X15 1.0.0-B20230714.1105 affecting the DMZ configuration HTTP POST ha
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-17094