EUVD-2025-17325

CVE-2025-5785 | HIGH | CVSS 3.1: 8.8 | 2025-06-06

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 18:10 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 18:10 (euvd), EUVD-2025-17325
CVE Published: Jun 06, 2025 - 16:15 (nvd), HIGH 8.8

Description

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

Critical buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with proof-of-concept code available, presenting immediate exploitation risk in production environments.

Technical Context

The vulnerability exists in the TOTOLINK X15 router's web-based management interface, specifically within the HTTP POST request handler that processes wireless table configuration requests. The flaw is rooted in CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow vulnerability class. The /boafrm/formWirelessTbl endpoint accepts user-supplied input via the 'submit-url' POST parameter without proper bounds checking or input validation. This parameter is likely used to construct URLs or file paths for wireless configuration processing, and the lack of length validation allows an attacker to write data beyond allocated buffer boundaries. The affected component is part of the router's embedded web server (likely Boa or similar lightweight HTTP daemon common in SOHO routers), which runs with elevated privileges necessary to modify network configuration. The vulnerability affects CPE: cpe:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*

Affected Products

TOTOLINK X15 firmware version 1.0.0-B20230714.1105 and potentially earlier versions in the 1.0.0 release series (specific version scope requires vendor confirmation). The vulnerability affects all X15 router hardware running this firmware version or prior unpatched iterations. Related CPE: cpe:2.3:h:totolink:x15:-:*:*:*:*:*:*:* and cpe:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*. Patch status: No official patch information is currently available in public advisories; TOTOLINK vendor advisory should be consulted at https://www.totolink.net/ for firmware updates. Users should monitor TOTOLINK security advisories and firmware release notes for patched versions (typically denoted with higher build numbers, e.g., 1.0.1 or later).

Remediation

(1) IMMEDIATE: Update router firmware to the latest available version from TOTOLINK official channels (typically accessible via router web interface under System Settings > Firmware Upgrade or via https://www.totolink.net/home/customercare/support.html); verify the update addresses CVE-2025-5785 in release notes.

(2) TEMPORARY MITIGATION (pending patch): Restrict access to router management interface by disabling remote management (disable HTTP/HTTPS access from WAN), modify default HTTP management port, and implement strong authentication credentials (change default admin/admin credentials to unique, complex password).

(3) NETWORK-LEVEL: Implement firewall rules to restrict management port access (typically 80/443) to trusted administrative networks only; segment router management traffic from general network traffic.

(4) MONITORING: Enable and review router access logs for suspicious POST requests to /boafrm/formWirelessTbl with unusual 'submit-url' parameter values.

(5) CONTINGENCY: If patched firmware is unavailable or delayed, consider replacing the affected router with alternative models from trusted vendors with active security update programs.
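The monitoring step (4), as an added example (not code from vuln.today or TOTOLINK): a filter over HTTP request records that flags POSTs to /boafrm/formWirelessTbl whose submit-url value is oversized, repeated, or carries non-printable bytes. The tab-separated record format, the 128-byte limit and the sample records are assumptions; the advisory does not state the buffer size, and the records must come from a source that captures POST bodies.

```python
from urllib.parse import parse_qsl

ENDPOINT = "/boafrm/formWirelessTbl"  # endpoint named in the advisory
PARAM = "submit-url"                  # parameter named in the advisory
MAX_LEN = 128  # assumption: ceiling for a legitimate value; tune to your baseline

def inspect_request(method, path, body):
    """Return reasons a request looks anomalous; an empty list means clean."""
    if method.upper() != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    # latin-1 maps each decoded byte to one character, so len() is a byte count.
    values = [v for k, v in parse_qsl(body, keep_blank_values=True,
                                      encoding="latin-1") if k == PARAM]
    reasons = []
    if len(values) > 1:
        reasons.append(f"{PARAM} repeated {len(values)} times")
    for v in values:
        if len(v) > MAX_LEN:
            reasons.append(f"{PARAM} is {len(v)} bytes (limit {MAX_LEN})")
        if any(not 0x20 <= ord(c) <= 0x7E for c in v):
            reasons.append(f"{PARAM} contains non-printable or non-ASCII bytes")
    return reasons

def scan(lines):
    """Return (timestamp, source, reasons) for each flagged record."""
    hits = []
    for line in lines:
        fields = line.rstrip("\n").split("\t", 4)
        if len(fields) != 5:
            continue  # not in the assumed five-field format
        ts, src, method, path, body = fields
        reasons = inspect_request(method, path, body)
        if reasons:
            hits.append((ts, src, reasons))
    return hits

# Constructed sample records (documentation-range addresses, made-up values).
SAMPLE = [
    "2025-06-07T10:00:01Z\t192.0.2.10\tPOST\t" + ENDPOINT + "\tsubmit-url=%2Fpage.htm&save=Apply",
    "2025-06-07T10:02:13Z\t192.0.2.77\tPOST\t" + ENDPOINT + "\tsubmit-url=" + "x" * 600,
    "2025-06-07T10:03:40Z\t192.0.2.77\tPOST\t" + ENDPOINT + "\tsubmit-url=%2Fwl%00%ffbasic.htm",
    "2025-06-07T10:04:00Z\t192.0.2.10\tGET\t/index.htm\t",
]

if __name__ == "__main__":
    for ts, src, reasons in scan(SAMPLE):
        print(ts, src, "; ".join(reasons))
```
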

Priority Score

45
KEV: 0
EPSS: +0.7
CVSS: +44
POC: 0
