CVE-2025-5735
BaseFortify
Publication date: 2025-06-06
Last updated on: 2025-06-17
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| totolink | x15_firmware | 1.0.0-b20230714.1105 |
| totolink | x15 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5735 is a critical buffer overflow vulnerability in the TOTOLINK X15 router firmware version 1.0.0-B20230714.1105. It occurs in the HTTP POST request handler at the endpoint /boafrm/formSetLg, where improper handling of the submit-url argument allows an attacker to overflow a buffer by sending a specially crafted POST request. This flaw arises because the input size is not properly checked before copying to an output buffer, leading to a classic buffer overflow condition. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a remote attacker to exploit the buffer overflow to cause a denial of service (DoS) on the affected device, disrupting its availability. It affects the confidentiality, integrity, and availability of the router. The exploit requires no authentication and is easy to perform, with public proof-of-concept code available. There are currently no known mitigations, so the affected device may need to be replaced to avoid risk. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP POST requests sent to the endpoint `/boafrm/formSetLg` with unusually large or malformed `submit-url` parameters that may trigger the buffer overflow. Network intrusion detection systems (NIDS) can be configured to alert on such suspicious POST requests. Additionally, you can use tools like curl or wget to test the endpoint manually by sending crafted POST requests to check for abnormal behavior or crashes. Example command to test the endpoint: `curl -X POST http://<router-ip>/boafrm/formSetLg -d "submit-url=$(python3 -c 'print("A"*1000)')"` to send a large payload and observe the device response. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected device from untrusted networks, such as disabling remote management or limiting access via firewall rules. Since no known countermeasures or patches currently exist, it is recommended to replace the affected TOTOLINK X15 router with an alternative device or firmware version that is not vulnerable. Monitoring for exploitation attempts and applying network-level protections can also help reduce risk until a fix is available. [2]