CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formDMZ of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Analysis
Critical buffer overflow vulnerability in TOTOLINK X15 1.0.0-B20230714.1105 affecting the DMZ configuration HTTP POST handler. An authenticated attacker can exploit a malformed 'submit-url' parameter in the /boafrm/formDMZ endpoint to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A proof-of-concept exploit has been publicly disclosed, and the vulnerability may be actively exploited in the wild.
Technical Context
The vulnerability exists in the HTTP POST request handler component of TOTOLINK X15 router firmware, specifically within the /boafrm/formDMZ endpoint that processes DMZ (Demilitarized Zone) configuration requests. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow flaw where user-supplied input in the 'submit-url' parameter is not properly validated or length-checked before being copied into a fixed-size buffer. TOTOLINK X15 is a residential/SOHO WiFi router (CPE likely: cpe:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*). The HTTP POST handler fails to implement bounds checking, allowing an attacker to overflow the buffer and overwrite adjacent memory regions, including the stack or heap, leading to arbitrary code execution.
Affected Products
X15 (1.0.0-B20230714.1105)
Remediation
Monitor TOTOLINK official channels for security updates; apply immediately upon release.
Network Mitigation: Implement network-level access controls; disable remote management if not required; use strong, unique admin credentials.
Workaround: Assess business need for DMZ; if optional, disable via firmware settings or network segmentation.
Detection: Enable verbose logging; alert on POST requests with payloads >256 bytes to this endpoint.
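The Detection guidance above, as an added example (not part of the advisory and not TOTOLINK code): a Python check that a sensor or reverse proxy in front of the management interface could run over captured requests, alerting on POSTs to /boafrm/formDMZ above the 256-byte threshold. The sample requests, the host name, the form fields other than submit-url, and the /boafrm/formOther path are constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/boafrm/formDMZ"  # endpoint named in the advisory
PARAM = "submit-url"          # argument named in the advisory
MAX_BODY = 256                # byte threshold from the Detection guidance


def inspect_request(raw):
    """Return alert reasons for one captured HTTP request ([] = no alert)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return []  # not a parseable request line
    method, target, _version = parts
    if method.upper() != "POST" or urlsplit(target).path != ENDPOINT:
        return []
    pairs = (line.partition(":") for line in lines[1:])
    headers = {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}
    reasons = []
    # A truncated capture can hide the real size, so trust the larger of the
    # bytes actually seen and the declared Content-Length.
    declared = headers.get("content-length", "")
    size = max(len(body), int(declared) if declared.isdigit() else 0)
    if size > MAX_BODY:
        reasons.append(f"body {size} bytes > {MAX_BODY}")
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    for value in fields.get(PARAM, []):
        if len(value) > MAX_BODY:
            reasons.append(f"{PARAM} {len(value)} chars > {MAX_BODY}")
    return reasons


def build(path, body, declared=None):
    """Constructed sample request (assumed field names), not captured traffic."""
    n = len(body) if declared is None else declared
    return (f"POST {path} HTTP/1.1\r\nHost: router.example\r\n"
            f"Content-Length: {n}\r\n\r\n").encode() + body


NORMAL = build(ENDPOINT, b"enabled=ON&ip=192.168.0.50&submit-url=%2Fdmz.htm")
OVERSIZE = build(ENDPOINT, b"submit-url=" + b"x" * 300)
TRUNCATED = build(ENDPOINT, b"submit-url=%2Fdmz.htm", declared=4096)
OTHER = build("/boafrm/formOther", b"submit-url=" + b"x" * 300)  # hypothetical path

if __name__ == "__main__":
    for name in ("NORMAL", "OVERSIZE", "TRUNCATED", "OTHER"):
        print(name, inspect_request(globals()[name]))
```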
EUVD-2025-17323