Buffer Overflow Vulnerability in TOTOLINK X15 HTTP POST Handler
CVE-2025-5734

8.7HIGH

Key Information:

Vendor

Totolink
Status
X15
Vendor
CVE Published:
6 June 2025

What is CVE-2025-5734?

A buffer overflow vulnerability has been identified in the TOTOLINK X15 device, specifically within the HTTP POST request handler located in the /boafrm/formWlanRedirect file. Malicious actors can manipulate the 'redirect-url' argument, which may lead to a remote exploitation of the device. This situation poses significant security risks, as attackers could potentially achieve unauthorized access or disruption of service. Users are strongly advised to apply relevant updates and patches released by TOTOLINK to mitigate the risks associated with this vulnerability.

Affected Version(s)

X15 1.0.0-B20230714.1105

References

https://vuldb.com/?id.311260
vdb-entrytechnical-description
https://vuldb.com/?ctiid.311260
signaturepermissions-required
https://vuldb.com/?submit.590615
third-party-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

wanglun_ (VulDB User)
JSON
.
CVE-2025-5734 : Buffer Overflow Vulnerability in TOTOLINK X15 HTTP POST Handler