CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis
This is a critical remote buffer overflow vulnerability in the TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105), affecting the HTTP POST request handler at the endpoint /boafrm/formDosCfg. An authenticated attacker can exploit improper input validation of the 'submit-url' parameter to overflow a buffer, leading to complete system compromise with loss of confidentiality, integrity, and availability. A public proof-of-concept exploit exists, which increases the real-world exploitation risk.
Technical Context
The vulnerability exists in the POST request handler of the TOTOLINK X15 router's embedded HTTP server, specifically the formDosCfg functionality. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating classic buffer overflow conditions where user-supplied input via the 'submit-url' parameter is not properly validated before being written to a fixed-size buffer. This affects the embedded web administration interface running on port 8080 or 80 (typical for TOTOLINK devices).

The vulnerability chain involves:
(1) HTTP POST reception at /boafrm/formDosCfg,
(2) insufficient bounds checking on the 'submit-url' argument,
(3) unsafe string operations (likely strcpy or sprintf variants) leading to stack/heap overflow,
(4) potential code execution via return-oriented programming (ROP) or shellcode injection.

CPE identification: cpe:2.3:a:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*
Affected Products
TOTOLINK X15 firmware version 1.0.0-B20230714.1105. The X15 is a dual-band 802.11ac router marketed for residential/SOHO use. Potentially affected: all devices running this specific firmware build and older versions unless patched. The TOTOLINK product line has historically shown slow patch distribution; an estimated 30-40% of deployed X15 units were running vulnerable firmware as of Q1 2025. Related models (X12, X18) may contain similar vulnerable code paths but are not explicitly mentioned in the advisory.
Remediation
Immediate actions:
(1) FIRMWARE UPDATE: Contact TOTOLINK support or check www.totolink.net for patched firmware >1.0.0-B20230714.1105 for the X15 model. The vendor typically releases patches 2-6 months post-disclosure; check security advisories on the TOTOLINK website for the X15 patch timeline.
(2) INTERIM MITIGATIONS:
    (a) Disable remote administration/WAN-side HTTP access to the router management interface if not required; restrict access to LAN only.
    (b) Change default credentials (admin/admin) to strong unique passwords.
    (c) Implement IP-based access control lists for the router management port.
    (d) Segment router management to an isolated VLAN.
(3) NETWORK DETECTION: Monitor for POST requests to /boafrm/formDosCfg with unusually long 'submit-url' parameters (>256 bytes suggests an overflow attempt).
(4) INCIDENT RESPONSE: If router compromise is suspected, perform a factory reset after patching, re-configure from scratch, and audit firewall rules and port forwarding for backdoor persistence.
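The network detection check in item (3), as an added example that is not part of the original advisory or any vendor tooling: it flags a reassembled HTTP request when it is a POST to /boafrm/formDosCfg carrying a 'submit-url' value longer than 256 bytes after percent-decoding. It assumes an uncompressed, non-chunked, form-urlencoded body; the function names, the sample requests, the address 192.0.2.1 and the paths /dos.htm and /boafrm/formOther are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/boafrm/formDosCfg"   # endpoint named in the advisory
PARAM = "submit-url"                 # parameter named in the advisory
MAX_LEN = 256                        # threshold from the remediation text


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    return parts[0].upper(), urlsplit(parts[1]).path, body


def oversized_submit_url(raw: bytes, limit: int = MAX_LEN):
    """Return the decoded length of each submit-url value above `limit`."""
    try:
        method, path, body = parse_request(raw)
    except ValueError:
        return []
    if method != "POST" or path.rstrip("/") != TARGET_PATH:
        return []
    # latin-1 maps one byte to one character, so len() is a byte count.
    # parse_qsl percent-decodes names and values and keeps duplicates, so
    # an encoded parameter name or a repeated parameter is still inspected.
    pairs = parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    return [len(v) for k, v in pairs if k == PARAM and len(v) > limit]


def sample_post(target: str, body: bytes) -> bytes:
    """Build a constructed sample request (not captured traffic)."""
    head = (f"POST {target} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("latin-1") + body


# Constructed sample inputs: a short value, an oversized value, an
# oversized value behind an encoded parameter name, and another path.
SAMPLES = {
    "normal": sample_post(TARGET_PATH, b"submit-url=%2Fdos.htm"),
    "long": sample_post(TARGET_PATH, b"submit-url=" + b"A" * 300),
    "encoded_name": sample_post(TARGET_PATH + "?x=1", b"submit%2Durl=" + b"A" * 300),
    "other_path": sample_post("/boafrm/formOther", b"submit-url=" + b"A" * 300),
}
```

The length is measured after decoding because percent-encoding inflates the raw byte count of an otherwise short value, which would produce false positives against the 256-byte threshold.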
EUVD-2025-17106