CVE-2025-5735— TOTOLINK X15 安全漏洞

TOTOLINK X15 HTTP POST Request formSetLg buffer overflow

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)

TOTOLINK X15 安全漏洞

TOTOLINK X15是中国吉翁电子（TOTOLINK）公司的一款网络无线扩展器。 TOTOLINK X15 1.0.0-B20230714.1105版本存在安全漏洞，该漏洞源于对组件HTTP POST Request Handler中文件/boafrm/formSetLg参数submit-url的错误操作导致缓冲区溢出。

N/A

N/A