CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis
Critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler at endpoint /boafrm/formStats. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability is actively exploitable.
Technical Context
The vulnerability exists in a web-based firmware management interface (likely Boa web server, common in TOTOLINK routers) that processes HTTP POST requests. The affected endpoint /boafrm/formStats handles form submissions without proper bounds checking on the 'submit-url' parameter. This represents a classic CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) stack or heap buffer overflow. The root cause is insufficient input validation and lack of safe string handling functions (likely strcpy or similar unbounded copy operations rather than strncpy/strlcpy equivalents). TOTOLINK X15 is a budget consumer Wi-Fi router; the vulnerability affects the administrative web interface which processes user-supplied data without sanitization. The HTTP POST handler directly passes unsanitized user input to a buffer with fixed dimensions.
Affected Products
TOTOLINK X15, firmware version 1.0.0-B20230714.1105 (July 14, 2023 build). Estimated CPE: cpe:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:* and cpe:2.3:h:totolink:x15:-:*:*:*:*:*:*:*. The vulnerability likely affects other TOTOLINK router models using similar firmware codebases and the Boa web server framework. No evidence of patched firmware versions provided in available disclosure data; router manufacturer TOTOLINK's security response timeline is unknown.
Remediation
Immediate remediation steps:
(1) Check the TOTOLINK official website and product support pages for patched firmware releases (typically versioned higher than 1.0.0-B20230714.1105).
(2) If available, apply the latest firmware update via the router admin panel (Administration > Firmware Upgrade).
(3) As interim mitigation, restrict administrative access: disable remote management (ensure WAN access to the admin interface is disabled), enforce strong admin credentials (change from defaults), and isolate the router admin interface to trusted networks only.
(4) Monitor for suspicious /boafrm/formStats POST requests in router logs if accessible.
(5) Consider replacing the router if TOTOLINK does not release a patch within 90 days or discontinues support (TOTOLINK has a poor track record of timely firmware updates).
No vendor advisory URL was provided in the CVE description; check TOTOLINK's security page, OpenWrt community, or vulnerability databases for patches.
EUVD-2025-17105