Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
CVE-2025-6399 is a critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formIPv6Addr endpoint. An authenticated attacker can exploit the improper handling of the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability is likely to see active exploitation given its criticality and ease of exploitation.
Technical ContextAI
The vulnerability exists in the HTTP POST request handler component of TOTOLINK X15's web interface, specifically in the /boafrm/formIPv6Addr functionality. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow defect where user-supplied input in the 'submit-url' parameter is not properly validated for length before being written to a fixed-size buffer. This occurs in firmware version 1.0.0-B20230714.1105 running on TOTOLINK X15 wireless routers (CPE: totolink:x15). The affected component is the HTTP POST request handler, indicating a web-facing attack surface. The lack of input sanitization on what appears to be a URL field allows an attacker to overflow adjacent memory regions and potentially overwrite return addresses or other critical data structures to achieve arbitrary code execution.
RemediationAI
Patch/Firmware Update: Contact TOTOLINK support or monitor their security advisories for a patched firmware version beyond 1.0.0-B20230714.1105. Check TOTOLINK's official website (totolink.net) for firmware updates.; priority: Critical—apply immediately upon availability Workaround/Mitigation: Restrict HTTP access to the router's web management interface via firewall rules; limit administrative access to trusted IP ranges only; disable remote management if not required; applicability: Temporary; does not fix the underlying vulnerability Compensating Control: Implement network segmentation to isolate the router from less trusted network segments; use strong authentication credentials; disable default admin accounts if changeable; applicability: Risk reduction measure pending patch availability Monitoring: Monitor router logs for suspicious POST requests to /boafrm/formIPv6Addr with unusual submit-url parameters; watch for system crashes or unexpected process execution; applicability: Detection of exploitation attempts
More in X15 Firmware
View allA buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST r
Critical remote buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting t
A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.
A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown
CVE-2025-6402 is a critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affectin
A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this
Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST req
Critical buffer overflow vulnerability in TOTOLINK X15 router firmware version 1.0.0-B20230714.1105, affecting the HTTP
Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST req
Critical buffer overflow vulnerability in TOTOLINK X15 1.0.0-B20230714.1105 affecting the DMZ configuration HTTP POST ha
Critical buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-18804