CVE-2025-8243Improper Restriction of Operations within the Bounds of a Memory Buffer in X15

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer OverflowCWE-787Out-of-bounds Write3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.9%
top 24.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink X15Totolink X15 Firmware
Timeline
PublishedJul 27
Latest updateJul 28

Description

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/x151.0.0-B20230714.1105
NVDtotolink/x15_firmware1.0.0-b20230714.1105

🔴Vulnerability Details

2
GHSA
GHSA-962w-vvjm-wxqh: A vulnerability was found in TOTOLINK X15 12025-07-28
CVEList
TOTOLINK X15 HTTP POST Request formMapDel buffer overflow2025-07-27
CVE-2025-8243 — Totolink X15 vulnerability | cvebase