Sign-up

ID

VAR-202506-1091


CVE

CVE-2025-6399


TITLE

TOTOLINK  of  X15  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-008001

DESCRIPTION

A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected is an unknown function of the file /boafrm/formIPv6Addr of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains a buffer error vulnerability and a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK X15 is a network wireless extender from China's TOTOLINK Electronics. TOTOLINK X15 has a buffer overflow vulnerability, which is caused by the parameter submit-url in the file /boafrm/formIPv6Addr failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service

Trust: 2.16

sources: NVD: CVE-2025-6399 // JVNDB: JVNDB-2025-008001 // CNVD: CNVD-2025-14219

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-14219

AFFECTED PRODUCTS

vendor:totolinkmodel:x15scope:eqversion:1.0.0-b20230714.1105

Trust: 1.0

vendor:totolinkmodel:x15scope:eqversion:x15 firmware 1.0.0-b20230714.1105

Trust: 0.8

vendor:totolinkmodel:x15scope: - version: -

Trust: 0.8

vendor:totolinkmodel:x15scope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:1.0.0-b20230714.1105scope:eqversion:x15

Trust: 0.6

sources: CNVD: CNVD-2025-14219 // JVNDB: JVNDB-2025-008001 // NVD: CVE-2025-6399

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-6399
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-008001
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-14219
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-6399
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-008001
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-14219
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-6399
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

OTHER: JVNDB-2025-008001
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-14219 // JVNDB: JVNDB-2025-008001 // NVD: CVE-2025-6399

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:CWE-120

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-008001 // NVD: CVE-2025-6399

EXTERNAL IDS

db:NVDid:CVE-2025-6399

Trust: 3.2

db:VULDBid:313392

Trust: 1.8

db:JVNDBid:JVNDB-2025-008001

Trust: 0.8

db:CNVDid:CNVD-2025-14219

Trust: 0.6

sources: CNVD: CNVD-2025-14219 // JVNDB: JVNDB-2025-008001 // NVD: CVE-2025-6399

REFERENCES

url:https://github.com/d2pq/cve/blob/main/616/19.md

Trust: 2.4

url:https://github.com/d2pq/cve/blob/main/616/19.md#poc

Trust: 1.8

url:https://vuldb.com/?id.313392

Trust: 1.8

url:https://vuldb.com/?submit.597681

Trust: 1.8

url:https://www.totolink.net/

Trust: 1.8

url:https://vuldb.com/?ctiid.313392

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-6399

Trust: 0.8

sources: CNVD: CNVD-2025-14219 // JVNDB: JVNDB-2025-008001 // NVD: CVE-2025-6399

SOURCES

db:CNVDid:CNVD-2025-14219
db:JVNDBid:JVNDB-2025-008001
db:NVDid:CVE-2025-6399

LAST UPDATE DATE

2025-07-05T23:09:25.166000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-14219date:2025-06-27T00:00:00
db:JVNDBid:JVNDB-2025-008001date:2025-07-04T07:52:00
db:NVDid:CVE-2025-6399date:2025-06-25T20:13:30.100

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-14219date:2025-06-27T00:00:00
db:JVNDBid:JVNDB-2025-008001date:2025-07-04T00:00:00
db:NVDid:CVE-2025-6399date:2025-06-21T04:15:23.140