CVE-2025-5785

Name of the Vulnerable Software and Affected Versions TOTOLINK X15 version 1.0.0-B20230714.1105

Description A critical issue affects the TOTOLINK X15, where the manipulation of the submit-url argument in the /boafrm/formWirelessTbl file of the HTTP POST Request Handler component leads to a buffer overflow. This can be exploited remotely, potentially allowing an attacker to execute arbitrary commands or cause a denial of service by sending a specially crafted POST request to the "API Endpoint: /boafrm/formWirelessTbl". The exploit has been disclosed publicly.

Recommendations For TOTOLINK X15 version 1.0.0-B20230714.1105, as a temporary workaround, consider restricting access to the /boafrm/formWirelessTbl API endpoint until a patch is available. Avoid using the submit-url parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.