{"id":9079,"date":"2025-07-27T17:49:33","date_gmt":"2025-07-27T17:49:33","guid":{"rendered":"http:\/\/localhost\/?p=9079"},"modified":"2025-07-27T17:49:33","modified_gmt":"2025-07-27T17:49:33","slug":"totolink-x15-http-post-request-formmapdeldevice-buffer-overflow","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9079","title":{"rendered":"TOTOLINK X15 HTTP POST Request formMapDelDevice buffer overflow"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nTOTOLINK X15 HTTP POST Request formMapDelDevice buffer overflow<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-27T22:02:07.627Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-27T22:02:07.627Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nTOTOLINK<\/td>\n<\/tr>\n
Product<\/th>\nX15<\/td>\n<\/tr>\n
Version<\/th>\n1.0.0-B20230714.1105<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n8.7 (HIGH)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA buffer overflow vulnerability in the TOTOLINK X15 router’s HTTP POST request handler allows remote attackers to execute arbitrary code via the macstr argument in formMapDelDevice. This critical vulnerability can be exploited without authentication, leading to potential system compromise.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nTOTOLINK<\/td>\n<\/tr>\n
AI Product<\/th>\nTOTOLINK X15<\/td>\n<\/tr>\n
AI Version<\/th>\n1.0.0-B20230714.1105<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n