Buffer Overflow Vulnerability in TOTOLINK X15 by TOTOLINK
CVE-2025-5739

8.7HIGH

Key Information:

Vendor: Totolink
Status: X15
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-5739?

A buffer overflow vulnerability exists in the TOTOLINK X15 device's HTTP POST Request Handler, specifically within the /boafrm/formSaveConfig file. An attacker can exploit this vulnerability by manipulating the 'submit-url' argument, allowing for remote execution of malicious payloads. This vulnerability poses a significant threat as it has been publicly disclosed, enabling attackers to target vulnerable systems effectively.

Affected Version(s)

X15 1.0.0-B20230714.1105

References

https://vuldb.com/?id.311265

vdb-entrytechnical-description

https://vuldb.com/?ctiid.311265

signaturepermissions-required

https://vuldb.com/?submit.590636

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Jun 5, 2025

Credit

Lena-lyy02 (VulDB User)

Totolink

What is CVE-2025-5739?

Affected Version(s)

References

CVSS V4

Timeline

Credit