PT-2025-31027 · Totolink · Totolink X15

Panda_0X1 · Published 2025-07-25 · Updated 2025-08-01 · CVE-2025-8244

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TOTOLINK X15 version 1.0.0-B20230714.1105

Description

A critical vulnerability exists in the TOTOLINK X15 device. The issue is a buffer overflow within an unknown function of the HTTP POST Request Handler component, specifically in the file /boafrm/formMapDelDevice. Manipulation of the macstr argument can trigger this overflow, potentially leading to a denial of service or arbitrary code execution. The attack can be launched remotely. The exploit for this vulnerability has been publicly disclosed.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-09072
CVE-2025-8244

Affected Products

Totolink X15