EUVD-2025-17347

CVE-2025-5790 HIGH
2025-06-06
CVSS 3.1: 8.8

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 18:10 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 18:10 (euvd), EUVD-2025-17347
CVE Published: Jun 06, 2025 - 18:15 (nvd), HIGH 8.8

Description

A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. This vulnerability affects unknown code of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Analysis

A critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affects the HTTP POST request handler for the /boafrm/formIpQoS endpoint. An authenticated remote attacker can exploit improper input validation on the 'mac' parameter to trigger a buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability (CIA triad). Public exploit disclosure and proof-of-concept availability significantly elevate real-world exploitation risk.

Technical Context

The vulnerability exists in TOTOLINK X15, a wireless router device, specifically within the HTTP POST request handler that processes QoS (Quality of Service) configuration via the /boafrm/formIpQoS endpoint. The vulnerability is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow condition where insufficient bounds checking on the 'mac' parameter allows an attacker to write beyond allocated buffer boundaries. The affected component is part of the device's web-based administrative interface, likely implemented in C/C++ firmware code. The HTTP POST handler fails to validate or sanitize the 'mac' argument length before copying it into a fixed-size buffer, enabling stack or heap-based buffer overflow.

CPE identification: cpe:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*

Affected Products

X15 (1.0.0-B20230714.1105)

Remediation

Contact TOTOLINK support or check official firmware repository for patched firmware version addressing CVE-2025-5790. Apply firmware update that includes bounds checking and input validation for the 'mac' parameter in /boafrm/formIpQoS handler. Priority: CRITICAL. Timeline: Apply immediately upon availability.

Workaround: Restrict network access to the HTTP administrative interface (:80/:443) using firewall rules. Limit access to trusted IP addresses/subnets only. Disable remote management if not required. Priority: HIGH. Timeline: Implement immediately as interim measure.

Mitigation: Implement network segmentation to isolate IoT/router management interfaces. Use strong authentication credentials (change default admin password). Monitor for suspicious HTTP POST requests to /boafrm/formIpQoS with abnormally long 'mac' parameter values. Priority: HIGH. Timeline: Implement as defense-in-depth.

Detection: Monitor device logs for POST requests to /boafrm/formIpQoS with 'mac' parameters exceeding typical MAC address length (17 bytes for XX:XX:XX:XX:XX:XX format). Deploy IDS/IPS signatures detecting buffer overflow patterns in HTTP requests. Priority: MEDIUM. Timeline: Enable continuous monitoring.
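The detection check described above, as an added example (not code from vuln.today or TOTOLINK): it inspects raw HTTP requests, such as those seen by a reverse proxy or packet capture in front of the management interface, and flags POSTs to /boafrm/formIpQoS whose 'mac' value exceeds 17 bytes after percent-decoding. The function names, the accepted MAC formats and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PATH = "/boafrm/formIpQoS"  # endpoint named in the advisory
MAX_MAC_LEN = 17                   # XX:XX:XX:XX:XX:XX, per the advisory
# Assumption: a legitimate value is colon-separated or 12 bare hex digits.
MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}|[0-9A-Fa-f]{12}")


def inspect_request(raw: bytes) -> list[str]:
    """Return findings for one raw HTTP request; an empty list means clean."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2 or parts[0].upper() != "POST":
        return []
    if urlsplit(parts[1]).path != TARGET_PATH:
        return []
    # latin-1 maps one byte to one character, and parse_qs percent-decodes,
    # so len() counts decoded bytes (%3A is measured as a single ':').
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True,
                      encoding="latin-1")
    values = fields.get("mac", [])
    findings = []
    if len(values) > 1:
        findings.append(f"mac supplied {len(values)} times")
    for value in values:
        if len(value) > MAX_MAC_LEN:
            findings.append(f"mac is {len(value)} bytes, limit {MAX_MAC_LEN}")
        elif value and not MAC_RE.fullmatch(value):
            findings.append("mac is not a well-formed MAC address")
    return findings


def build(method: str, target: str, body: str) -> bytes:
    """Assemble a constructed request for the samples below."""
    return (f"{method} {target} HTTP/1.1\r\nHost: router.example\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


# Constructed sample traffic, not captured from a real device.
SAMPLES = {
    "benign": build("POST", TARGET_PATH, "mac=00%3A11%3A22%3A33%3A44%3A55&x=1"),
    "oversized": build("POST", TARGET_PATH + "?r=1", "x=1&mac=" + "A" * 64),
    "other_path": build("POST", "/index.htm", "mac=" + "A" * 64),
    "malformed": build("POST", TARGET_PATH, "mac=zz%3Azz"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, inspect_request(raw))
```

Empty 'mac' values are not flagged, on the assumption that the form may be submitted without one; tighten that if the deployment never sends an empty value.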

Priority Score

45
KEV: 0
EPSS: +0.7
CVSS: +44
POC: 0
