CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formReflashClientTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Analysis
Critical buffer overflow vulnerability in TOTOLINK X15 router firmware version 1.0.0-B20230714.1105, affecting the HTTP POST request handler at endpoint /boafrm/formReflashClientTbl. An authenticated remote attacker can exploit improper argument validation in the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code exists and the vulnerability meets CISA KEV criteria for active exploitation risk.
Technical Context
The vulnerability resides in the HTTP POST request handler component of TOTOLINK's web-based device management interface, specifically in the /boafrm/formReflashClientTbl endpoint. The root cause is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), indicating a classic stack or heap-based buffer overflow condition. The vulnerable code fails to properly validate or sanitize the 'submit-url' parameter length before copying it into a fixed-size buffer, allowing an attacker to write beyond buffer boundaries. This affects the firmware of TOTOLINK X15 router models running build B20230714.1105 and potentially earlier versions. The affected CPE is CPE:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*. The vulnerability exists in firmware-level code responsible for client table reflashing operations, which may interact with critical system processes.
Affected Products
X15 Router Firmware (1.0.0 and earlier builds up to B20230714.1105)
Remediation
Patch/Upgrade (priority: CRITICAL): Contact TOTOLINK support or check the official TOTOLINK support portal for firmware updates released after 2023-07-14. Update the X15 router firmware to the latest available version that addresses CVE-2025-5788.
Network Segmentation (priority: HIGH): Restrict HTTP POST access to the /boafrm/formReflashClientTbl endpoint using firewall rules or access control lists. Only allow administrative access from trusted IP ranges.
Credential Hardening (priority: HIGH): Change default router credentials immediately and enforce strong, unique passwords for all administrative accounts to reduce the likelihood of authentication bypass.
Access Monitoring (priority: MEDIUM): Monitor router logs for suspicious POST requests to /boafrm/formReflashClientTbl with unusual submit-url parameter lengths or values.
Disable Remote Management (priority: MEDIUM): Disable remote HTTP/HTTPS management access if not required; configure access only from local network.
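The access-monitoring item above, as an added example (not part of the original advisory or any TOTOLINK tooling): a Python check over request records captured by a proxy or IDS in front of the management interface. The tab-separated record format, the sample lines and the 128-byte threshold are assumptions; the advisory does not state the buffer size.

```python
from urllib.parse import parse_qs

ENDPOINT = "/boafrm/formReflashClientTbl"  # endpoint named in the advisory
PARAM = "submit-url"                       # parameter named in the advisory
MAX_LEN = 128  # assumed threshold; the advisory does not give the buffer size

# Constructed sample records (not real traffic).
# Assumed format: time <TAB> source <TAB> method <TAB> path <TAB> form body
SAMPLE_LOG = "\n".join([
    "2025-06-07T10:01:02Z\t192.168.0.10\tPOST\t" + ENDPOINT + "\tsubmit-url=%2Fstatus.htm",
    "2025-06-07T10:05:40Z\t203.0.113.7\tPOST\t" + ENDPOINT + "\tsubmit-url=" + "A" * 600,
    "2025-06-07T10:06:11Z\t192.168.0.10\tGET\t/index.htm\t",
    "2025-06-07T10:07:30Z\t203.0.113.7\tPOST\t" + ENDPOINT + "\tsubmit-url=%2Fa%00%ff.htm",
])


def check_record(line):
    """Return the reasons a record looks suspicious (empty list if none)."""
    fields = line.split("\t")
    if len(fields) != 5:
        return []  # not in the assumed format; skip rather than guess
    method, path, body = fields[2], fields[3], fields[4]
    if method != "POST" or path.split("?", 1)[0] != ENDPOINT:
        return []
    # latin-1 maps each decoded byte to one character, so len() is a byte count
    params = parse_qs(body, keep_blank_values=True, encoding="latin-1")
    values = params.get(PARAM, [])
    reasons = []
    if len(values) > 1:
        reasons.append("parameter repeated")
    for value in values:
        if len(value) > MAX_LEN:
            reasons.append(f"length {len(value)} exceeds {MAX_LEN}")
        if any(not 0x20 <= ord(ch) <= 0x7E for ch in value):
            reasons.append("non-printable bytes")
    return reasons


def scan(log_text):
    """Return (timestamp, source, reasons) for every flagged record."""
    findings = []
    for line in log_text.splitlines():
        reasons = check_record(line)
        if reasons:
            ts, src = line.split("\t")[:2]
            findings.append((ts, src, reasons))
    return findings


if __name__ == "__main__":
    for ts, src, reasons in scan(SAMPLE_LOG):
        print(ts, src, "; ".join(reasons))
```

Tune MAX_LEN to the longest submit-url value the device's own web pages send; legitimate values are short redirect paths.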
EUVD-2025-17328