Details of VAR-202506-0031

ID

VAR-202506-0031

CVE

CVE-2025-5503

TITLE

TOTOLINK of X15 Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-007199

DESCRIPTION

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK of X15 The firmware contains a buffer error vulnerability, a stack-based buffer overflow vulnerability, and an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X15 is a network wireless extender from China's TOTOLINK Electronics. The vulnerability originates from the /boafrm/formMapReboot file, which does not perform strict length checks and boundary processing on input data when processing the deviceMacAddr parameter. Attackers can use this vulnerability to control the execution process of the program and achieve remote code execution

Trust: 2.16

sources: NVD: CVE-2025-5503 // JVNDB: JVNDB-2025-007199 // CNVD: CNVD-2025-12387

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2025-12387

AFFECTED PRODUCTS

vendor:	totolink	model:	x15	scope:	eq	version:	1.0.0-b20230714.1105	Trust: 1.0
vendor:	totolink	model:	x15	scope:	eq	version:	-	Trust: 0.8
vendor:	totolink	model:	x15	scope:	-	version:	-	Trust: 0.8
vendor:	totolink	model:	x15	scope:	eq	version:	x15 firmware 1.0.0-b20230714.1105	Trust: 0.8
vendor:	totolink	model:	1.0.0-b20230714.1105	scope:	eq	version:	x15	Trust: 0.6

sources: CNVD: CNVD-2025-12387 // JVNDB: JVNDB-2025-007199 // NVD: CVE-2025-5503

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2025-5503
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-007199
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2025-12387
value:	HIGH
Trust: 0.6

cna@vuldb.com:	CVE-2025-5503
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2025-007199
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2025-12387
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2025-5503
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-007199
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2025-12387 // JVNDB: JVNDB-2025-007199 // NVD: CVE-2025-5503

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	CWE-121	Trust: 1.0
problemtype:	Buffer error (CWE-119) [ others ]	Trust: 0.8
problemtype:	Stack-based buffer overflow (CWE-121) [ others ]	Trust: 0.8
problemtype:	Out-of-bounds writing (CWE-787) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-007199 // NVD: CVE-2025-5503

EXTERNAL IDS

db:	NVD	id:	CVE-2025-5503	Trust: 3.2
db:	VULDB	id:	310917	Trust: 1.8
db:	JVNDB	id:	JVNDB-2025-007199	Trust: 0.8
db:	CNVD	id:	CNVD-2025-12387	Trust: 0.6

sources: CNVD: CNVD-2025-12387 // JVNDB: JVNDB-2025-007199 // NVD: CVE-2025-5503

REFERENCES

url:	https://github.com/yhuanhuan01/totolink/blob/main/totolink-x15.md#poc2-stack_overflow	Trust: 1.8
url:	https://vuldb.com/?id.310917	Trust: 1.8
url:	https://www.totolink.net/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2025-5503	Trust: 1.4
url:	https://vuldb.com/?ctiid.310917	Trust: 1.0

sources: CNVD: CNVD-2025-12387 // JVNDB: JVNDB-2025-007199 // NVD: CVE-2025-5503

SOURCES

db:	CNVD	id:	CNVD-2025-12387
db:	JVNDB	id:	JVNDB-2025-007199
db:	NVD	id:	CVE-2025-5503

LAST UPDATE DATE

2025-06-20T23:10:10.376000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2025-12387	date:	2025-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2025-007199	date:	2025-06-18T02:13:00
db:	NVD	id:	CVE-2025-5503	date:	2025-06-17T20:40:22.317

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2025-12387	date:	2025-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2025-007199	date:	2025-06-18T00:00:00
db:	NVD	id:	CVE-2025-5503	date:	2025-06-03T15:16:00.350