CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis
A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the NTP configuration handler (/boafrm/formNtp). An authenticated attacker can remotely trigger a buffer overflow via the 'submit-url' parameter in HTTP POST requests, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets active exploitation criteria.
Technical Context
The vulnerability resides in the HTTP POST request handler for NTP (Network Time Protocol) configuration in TOTOLINK X15 routers. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), specifically a classic buffer overflow condition where user-supplied input from the 'submit-url' parameter is written to a fixed-size buffer without proper bounds checking. The affected component is the web administration interface running on the device, likely a proprietary firmware management service. The /boafrm/formNtp endpoint processes NTP settings but fails to validate input length, allowing attackers to overflow the heap or stack and corrupt adjacent memory structures, potentially achieving arbitrary code execution within the router's privileged context.
Affected Products
X15 (1.0.0-B20230714.1105)
Remediation
Immediate action required:
(1) Check TOTOLINK security advisories and firmware releases for patched versions beyond 1.0.0-B20230714.1105.
(2) If patched firmware is available, schedule immediate deployment to all affected X15 devices, prioritizing production/critical infrastructure deployments.
(3) Interim mitigations pending patch availability: restrict access to the web administration interface to trusted IP addresses only via firewall/access control lists; disable remote management features if not required; implement network segmentation to isolate router management traffic; enforce strong authentication credentials (non-default passwords) and consider disabling HTTP access in favor of HTTPS-only with certificate pinning.
(4) Monitor device logs for POST requests to /boafrm/formNtp with abnormally large 'submit-url' parameter values, which may indicate exploitation attempts.
(5) Contact TOTOLINK support (http://www.totolink.net or regional support channels) for patch availability and advisories.
(6) Consider replacement with alternative vendor solutions if TOTOLINK does not provide timely security updates.
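The monitoring check in step (4), as an added example (not code from this page or from TOTOLINK): it inspects raw HTTP requests, as a proxy or sensor in front of the management interface would capture them, and flags POSTs to /boafrm/formNtp whose decoded 'submit-url' value exceeds a length threshold. The 256-character threshold, the helper names and the sample requests are assumptions; the page does not state the buffer size.

```python
from urllib.parse import parse_qs

TARGET_PATH = "/boafrm/formNtp"   # endpoint named in the advisory
PARAM = "submit-url"              # parameter named in the advisory
MAX_LEN = 256                     # assumed threshold; tune to observed legitimate values

def inspect_request(raw: bytes, max_len: int = MAX_LEN):
    """Return a finding dict for an oversized submit-url POST, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split()
    if len(parts) < 2 or parts[0].upper() != "POST":
        return None
    if parts[1].split("?", 1)[0] != TARGET_PATH:
        return None
    # parse_qs percent-decodes, so the length measured is what the handler would copy,
    # and repeated parameters are all returned, so a duplicate cannot hide a long value.
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    longest = max((len(v) for v in fields.get(PARAM, [])), default=0)
    if longest > max_len:
        return {"path": TARGET_PATH, "param": PARAM, "length": longest}
    return None

def build_post(path: str, form: str) -> bytes:
    """Build a constructed sample request (test data only)."""
    body = form.encode()
    head = (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode() + body

# Constructed samples: field values and the second path are illustrative, not from the page.
SAMPLES = {
    "benign": build_post(TARGET_PATH, "submit-url=%2Fntp.htm&enabled=ON"),
    "oversized": build_post(TARGET_PATH, "submit-url=" + "A" * 600),
    "encoded": build_post(TARGET_PATH, "submit-url=" + "%41" * 300),
    "other_path": build_post("/boafrm/formOther", "submit-url=" + "A" * 600),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw))
```

Measuring the decoded value matters because a percent-encoded value is three times longer on the wire than what the handler receives, so a raw byte-count rule would misjudge it.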
EUVD-2025-17094