CVE-2025-6165

| EUVD-2025-18480 HIGH
2025-06-17 [email protected]
8.8
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 22:15 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 22:15 (euvd), EUVD-2025-18480
PoC Detected: Jun 23, 2025 - 18:54 (vuln.today), public exploit code
CVE Published: Jun 17, 2025 - 06:15 (nvd), HIGH 8.8

Description

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler in the /boafrm/formTmultiAP endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete compromise of the router (data theft, modification, and denial of service). Public exploit code is available and the vulnerability meets the profile of actively exploitable threats.

Technical Context

The vulnerability exists in the HTTP POST request handler component of TOTOLINK's web management interface, specifically in the /boafrm/formTmultiAP endpoint. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow flaw in which user-supplied input via the 'submit-url' parameter is not properly validated for length before being written to a fixed-size buffer. This affects TOTOLINK X15 routers running firmware version 1.0.0-B20230714.1105. The HTTP POST handler processes multi-AP (access point) configuration requests, and the unsanitized parameter creates an arbitrary memory write primitive. CPE identification: vendor:totolink, product:x15, version:1.0.0-b20230714.1105. The vulnerability involves a stack- or heap-based buffer overflow, depending on the buffer allocation strategy used in the formTmultiAP handler.

Affected Products

X15 (1.0.0-B20230714.1105 (confirmed))

Remediation

Firmware Update (priority: CRITICAL): Contact TOTOLINK support or check their official support portal for a patched firmware version newer than 1.0.0-B20230714.1105. Apply the update immediately through the router's web interface or recovery procedure.

Temporary Mitigation, if patch unavailable (priority: HIGH): Restrict network access to the router's web management interface: (1) Disable remote management if enabled; (2) Use firewall rules to limit HTTP/HTTPS access to trusted IPs only; (3) Change default administrative credentials to strong, unique passwords; (4) Isolate the router on a segregated management network.

Detection (priority: MEDIUM): Monitor for HTTP POST requests to /boafrm/formTmultiAP with unusually long 'submit-url' parameters (>256 bytes typical); enable router logging if available.

Workaround (priority: MEDIUM): If multi-AP functionality is not required, disable it through the router's configuration interface to reduce attack surface.

Priority Score

65
KEV: 0
EPSS: +0.6
CVSS: +44
POC: +20
