Skip to main content

X15 Firmware EUVDEUVD-2025-18804

| CVE-2025-6399 HIGH
Buffer Overflow (CWE-119)
2025-06-21 cna@vuldb.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
EUVD ID Assigned
Mar 15, 2026 - 21:35 euvd
EUVD-2025-18804
Analysis Generated
Mar 15, 2026 - 21:35 vuln.today
PoC Detected
Jun 25, 2025 - 20:13 vuln.today
Public exploit code
CVE Published
Jun 21, 2025 - 04:15 nvd
HIGH 8.8

DescriptionCVE.org

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

CVE-2025-6399 is a critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formIPv6Addr endpoint. An authenticated attacker can exploit the improper handling of the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability is likely to see active exploitation given its criticality and ease of exploitation.

Technical ContextAI

The vulnerability exists in the HTTP POST request handler component of TOTOLINK X15's web interface, specifically in the /boafrm/formIPv6Addr functionality. The root cause is CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), a classic buffer overflow defect where user-supplied input in the 'submit-url' parameter is not properly validated for length before being written to a fixed-size buffer. This occurs in firmware version 1.0.0-B20230714.1105 running on TOTOLINK X15 wireless routers (CPE: totolink:x15). The affected component is the HTTP POST request handler, indicating a web-facing attack surface. The lack of input sanitization on what appears to be a URL field allows an attacker to overflow adjacent memory regions and potentially overwrite return addresses or other critical data structures to achieve arbitrary code execution.

RemediationAI

Patch/Firmware Update: Contact TOTOLINK support or monitor their security advisories for a patched firmware version beyond 1.0.0-B20230714.1105. Check TOTOLINK's official website (totolink.net) for firmware updates.; priority: Critical—apply immediately upon availability Workaround/Mitigation: Restrict HTTP access to the router's web management interface via firewall rules; limit administrative access to trusted IP ranges only; disable remote management if not required; applicability: Temporary; does not fix the underlying vulnerability Compensating Control: Implement network segmentation to isolate the router from less trusted network segments; use strong authentication credentials; disable default admin accounts if changeable; applicability: Risk reduction measure pending patch availability Monitoring: Monitor router logs for suspicious POST requests to /boafrm/formIPv6Addr with unusual submit-url parameters; watch for system crashes or unexpected process execution; applicability: Detection of exploitation attempts

CVE-2025-5503 HIGH POC
8.8 Jun 03

A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.

CVE-2025-6165 HIGH POC
8.8 Jun 17

Critical buffer overflow vulnerability in TOTOLINK X15 firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST r

CVE-2025-6150 HIGH POC
8.8 Jun 17

Critical remote buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting t

CVE-2025-6146 HIGH POC
8.8 Jun 17

A buffer overflow vulnerability in A vulnerability (CVSS 8.8). Risk factors: public PoC available.

CVE-2025-6824 HIGH POC
8.8 Jun 28

A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown

CVE-2025-6402 HIGH POC
8.8 Jun 21

CVE-2025-6402 is a critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affectin

CVE-2025-5502 MEDIUM POC
6.3 Jun 03

A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this

CVE-2025-5790 HIGH
8.8 Jun 06

Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST req

CVE-2025-5788 HIGH
8.8 Jun 06

Critical buffer overflow vulnerability in TOTOLINK X15 router firmware version 1.0.0-B20230714.1105, affecting the HTTP

CVE-2025-5787 HIGH
8.8 Jun 06

Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST req

CVE-2025-5786 HIGH
8.8 Jun 06

Critical buffer overflow vulnerability in TOTOLINK X15 1.0.0-B20230714.1105 affecting the DMZ configuration HTTP POST ha

CVE-2025-5785 HIGH
8.8 Jun 06

Critical buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP

Share

EUVD-2025-18804 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy