CVE-2025-5502

CWE-74CWE-77Command InjectionCWE-787Out-of-bounds Write3 documents3 sources
Severity
5.3MEDIUM
EPSS
10.3%
top 6.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink X15Totolink X15 Firmware
Timeline
PublishedJun 3

Description

A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/x151.0.0-B20230714.1105
NVDtotolink/x15_firmware1.0.0-b20230714.1105

🔴Vulnerability Details

2
CVEList
TOTOLINK X15 formMapReboot command injection2025-06-03
GHSA
GHSA-34vf-c5r4-mxr4: A vulnerability, which was classified as critical, has been found in TOTOLINK X15 12025-06-03
CVE-2025-5502 (MEDIUM CVSS 5.3) | A vulnerability | cvebase.io