A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
History

Tue, 01 Jul 2025 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Totolink
Totolink x15
Totolink x15 Firmware
CPEs cpe:2.3:h:totolink:x15:-:*:*:*:*:*:*:*
cpe:2.3:o:totolink:x15_firmware:*:*:*:*:*:*:*:*
Vendors & Products Totolink
Totolink x15
Totolink x15 Firmware

Mon, 30 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 28 Jun 2025 20:15:00 +0000

Type Values Removed Values Added
Description A vulnerability classified as critical has been found in TOTOLINK X15 up to 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Title TOTOLINK X15 HTTP POST Request formParentControl buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-06-28T20:00:17.046Z

Updated: 2025-06-30T15:57:14.695Z

Reserved: 2025-06-27T17:00:17.858Z

Link: CVE-2025-6824

cve-icon Vulnrichment

Updated: 2025-06-30T15:57:02.660Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-28T20:15:23.917

Modified: 2025-07-01T00:33:14.560

Link: CVE-2025-6824

cve-icon Redhat

No data.