ID
VAR-202507-2587
CVE
CVE-2025-8244
TITLE
TOTOLINK of X15 Buffer error vulnerability in firmware
Trust: 0.8
DESCRIPTION
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. TOTOLINK of X15 The firmware contains buffer error vulnerabilities, classic buffer overflow vulnerabilities, and command injection vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The TOTOLINK X15 is a wireless network extender manufactured by TOTOLINK Electronics of China, primarily used to extend Wi-Fi coverage. This device supports Wi-Fi 6 technology and offers AX1500 wireless transmission speeds, making it suitable for home and small office environments. An attacker could exploit this vulnerability by remotely constructing an overly long macstr parameter, triggering a buffer overflow and potentially causing a denial of service or arbitrary code execution
Trust: 2.16
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | totolink | model: | x15 | scope: | eq | version: | 1.0.0-b20230714.1105 | Trust: 1.0 |
| vendor: | totolink | model: | x15 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | totolink | model: | x15 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | totolink | model: | x15 | scope: | eq | version: | x15 firmware 1.0.0-b20230714.1105 | Trust: 0.8 |
| vendor: | totolink | model: | 1.0.0b20230714.1105 | scope: | eq | version: | x15 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.0 |
| problemtype: | CWE-77 | Trust: 1.0 |
| problemtype: | CWE-119 | Trust: 1.0 |
| problemtype: | Buffer error (CWE-119) [ others ] | Trust: 0.8 |
| problemtype: | Classic buffer overflow (CWE-120) [ others ] | Trust: 0.8 |
| problemtype: | Command injection (CWE-77) [NVD evaluation ] | Trust: 0.8 |
PATCH
| title: | Patch for TOTOLINK X15 formMapDelDevice file buffer overflow vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/714946 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-8244 | Trust: 3.2 |
| db: | VULDB | id: | 317832 | Trust: 2.4 |
| db: | JVNDB | id: | JVNDB-2025-010360 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2025-17522 | Trust: 0.6 |
REFERENCES
| url: | https://vuldb.com/?id.317832 | Trust: 2.4 |
| url: | https://vuldb.com/?submit.622692 | Trust: 2.4 |
| url: | https://github.com/panda666-888/vuls/blob/main/totolink/x15/formmapdeldevice.md | Trust: 2.4 |
| url: | https://www.totolink.net/ | Trust: 2.4 |
| url: | https://vuldb.com/?ctiid.317832 | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2025-8244 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2025-17522 |
| db: | JVNDB | id: | JVNDB-2025-010360 |
| db: | NVD | id: | CVE-2025-8244 |
LAST UPDATE DATE
2025-08-06T23:09:33.162000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2025-17522 | date: | 2025-08-05T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-010360 | date: | 2025-08-01T01:23:00 |
| db: | NVD | id: | CVE-2025-8244 | date: | 2025-07-29T21:04:45.237 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2025-17522 | date: | 2025-08-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2025-010360 | date: | 2025-08-01T00:00:00 |
| db: | NVD | id: | CVE-2025-8244 | date: | 2025-07-27T22:15:26.063 |