CVE-2025-8244Improper Restriction of Operations within the Bounds of a Memory Buffer in X15

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer OverflowCWE-77Command Injection3 documents3 sources
Severity
7.4HIGHNVD
EPSS
0.9%
top 24.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Totolink X15Totolink X15 Firmware
Timeline
PublishedJul 27
Latest updateJul 28

Description

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5totolink/x151.0.0-B20230714.1105
NVDtotolink/x15_firmware1.0.0-b20230714.1105

🔴Vulnerability Details

2
GHSA
GHSA-h768-88g4-xvr3: A vulnerability was found in TOTOLINK X15 12025-07-28
CVEList
TOTOLINK X15 HTTP POST Request formMapDelDevice buffer overflow2025-07-27
CVE-2025-8244 — Totolink X15 vulnerability | cvebase