Sign-up

ID

VAR-202506-0031


CVE

CVE-2025-5503


TITLE

TOTOLINK X15 router stack buffer overflow vulnerability

Trust: 0.6

sources: CNVD: CNVD-2025-12387

DESCRIPTION

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. TOTOLINK X15 is a network wireless extender from China's TOTOLINK Electronics. The vulnerability originates from the /boafrm/formMapReboot file, which does not perform strict length checks and boundary processing on input data when processing the deviceMacAddr parameter. Attackers can use this vulnerability to control the execution process of the program and achieve remote code execution

Trust: 1.44

sources: NVD: CVE-2025-5503 // CNVD: CNVD-2025-12387

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-12387

AFFECTED PRODUCTS

vendor:totolinkmodel:1.0.0-b20230714.1105scope:eqversion:x15

Trust: 0.6

sources: CNVD: CNVD-2025-12387

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-5503
value: HIGH

Trust: 1.0

CNVD: CNVD-2025-12387
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-5503
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2025-12387
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-5503
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2025-12387 // NVD: CVE-2025-5503

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-121

Trust: 1.0

sources: NVD: CVE-2025-5503

EXTERNAL IDS

db:NVDid:CVE-2025-5503

Trust: 1.6

db:VULDBid:310917

Trust: 1.0

db:CNVDid:CNVD-2025-12387

Trust: 0.6

sources: CNVD: CNVD-2025-12387 // NVD: CVE-2025-5503

REFERENCES

url:https://vuldb.com/?id.310917

Trust: 1.0

url:https://www.totolink.net/

Trust: 1.0

url:https://github.com/yhuanhuan01/totolink/blob/main/totolink-x15.md#poc2-stack_overflow

Trust: 1.0

url:https://vuldb.com/?ctiid.310917

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-5503

Trust: 0.6

sources: CNVD: CNVD-2025-12387 // NVD: CVE-2025-5503

SOURCES

db:CNVDid:CNVD-2025-12387
db:NVDid:CVE-2025-5503

LAST UPDATE DATE

2025-06-14T22:51:57.158000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-12387date:2025-06-13T00:00:00
db:NVDid:CVE-2025-5503date:2025-06-04T14:54:33.783

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-12387date:2025-06-13T00:00:00
db:NVDid:CVE-2025-5503date:2025-06-03T15:16:00.350