Sign-up

ID

VAR-202507-2568


CVE

CVE-2025-8243


TITLE

TOTOLINK  of  X15  Buffer error vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-010249

DESCRIPTION

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains buffer error vulnerabilities, classic buffer overflow vulnerabilities, and out-of-bounds write vulnerabilities.Service operation interruption (DoS) It may be in a state. The TOTOLINK X15 is a wireless network extender manufactured by TOTOLINK, a Chinese company. It's primarily used to extend Wi-Fi coverage. It supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability to cause a denial of service or execute arbitrary code

Trust: 2.16

sources: NVD: CVE-2025-8243 // JVNDB: JVNDB-2025-010249 // CNVD: CNVD-2025-17523

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2025-17523

AFFECTED PRODUCTS

vendor:totolinkmodel:x15scope:eqversion:1.0.0-b20230714.1105

Trust: 1.0

vendor:totolinkmodel:x15scope: - version: -

Trust: 0.8

vendor:totolinkmodel:x15scope:eqversion: -

Trust: 0.8

vendor:totolinkmodel:x15scope:eqversion:x15 firmware 1.0.0-b20230714.1105

Trust: 0.8

vendor:totolinkmodel:1.0.0b20230714.1105scope:eqversion:x15

Trust: 0.6

sources: CNVD: CNVD-2025-17523 // JVNDB: JVNDB-2025-010249 // NVD: CVE-2025-8243

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-8243
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2025-8243
value: HIGH

Trust: 1.0

OTHER: JVNDB-2025-010249
value: HIGH

Trust: 0.8

CNVD: CNVD-2025-17523
value: HIGH

Trust: 0.6

cna@vuldb.com: CVE-2025-8243
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

OTHER: JVNDB-2025-010249
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2025-17523
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

cna@vuldb.com: CVE-2025-8243
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-8243
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2025-010249
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2025-17523 // JVNDB: JVNDB-2025-010249 // NVD: CVE-2025-8243 // NVD: CVE-2025-8243

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [ others ]

Trust: 0.8

problemtype: Classic buffer overflow (CWE-120) [ others ]

Trust: 0.8

problemtype: Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2025-010249 // NVD: CVE-2025-8243

PATCH

title:Patch for TOTOLINK X15 devicemac1 parameter buffer overflow vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/714951

Trust: 0.6

sources: CNVD: CNVD-2025-17523

EXTERNAL IDS

db:NVDid:CVE-2025-8243

Trust: 3.2

db:VULDBid:317831

Trust: 2.4

db:JVNDBid:JVNDB-2025-010249

Trust: 0.8

db:CNVDid:CNVD-2025-17523

Trust: 0.6

sources: CNVD: CNVD-2025-17523 // JVNDB: JVNDB-2025-010249 // NVD: CVE-2025-8243

REFERENCES

url:https://vuldb.com/?id.317831

Trust: 2.4

url:https://vuldb.com/?submit.622691

Trust: 2.4

url:https://github.com/panda666-888/vuls/blob/main/totolink/x15/formmapdel.md

Trust: 2.4

url:https://www.totolink.net/

Trust: 2.4

url:https://vuldb.com/?ctiid.317831

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2025-8243

Trust: 0.8

sources: CNVD: CNVD-2025-17523 // JVNDB: JVNDB-2025-010249 // NVD: CVE-2025-8243

SOURCES

db:CNVDid:CNVD-2025-17523
db:JVNDBid:JVNDB-2025-010249
db:NVDid:CVE-2025-8243

LAST UPDATE DATE

2025-08-06T23:19:01.022000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2025-17523date:2025-08-05T00:00:00
db:JVNDBid:JVNDB-2025-010249date:2025-07-30T09:01:00
db:NVDid:CVE-2025-8243date:2025-07-29T21:03:31.950

SOURCES RELEASE DATE

db:CNVDid:CNVD-2025-17523date:2025-08-04T00:00:00
db:JVNDBid:JVNDB-2025-010249date:2025-07-30T00:00:00
db:NVDid:CVE-2025-8243date:2025-07-27T22:15:25.880