Buffer Overflow Vulnerability in TOTOLINK X15
CVE-2025-5738

8.7 HIGH

Key Information:

Vendor: Totolink

Status
Vendor
CVE Published: 6 June 2025

What is CVE-2025-5738?

A buffer overflow vulnerability exists in the TOTOLINK X15 due to improper handling of HTTP POST requests in the formStats component. Manipulating the submit-url argument triggers the overflow, allowing an attacker to execute arbitrary code remotely. This issue poses significant risk, as exploitation could lead to unauthorized access to, and control over, the affected device.

Affected Version(s)

X15 1.0.0-B20230714.1105

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lena-lyy02 (VulDB User)