The vulnerability of the built-in web server boa (/boafrm/formWsc) of TOTOLINK X15 router’s microprogramming software allows a intruder to execute arbitrary commands or cause a service failure.

🗓️ 09 Jun 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Totolink X15 boa web server buffer overflow via submit URL parameter in POST enables remote code execution.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-5787	6 Jun 202519:18	–	circl
CNNVD	TOTOLINK X15 安全漏洞	6 Jun 202500:00	–	cnnvd
CNVD	TOTOLINK X15 /boafrm/formWsc File Buffer Overflow Vulnerability	10 Jun 202500:00	–	cnvd
CVE	CVE-2025-5787	6 Jun 202516:31	–	cve
Cvelist	CVE-2025-5787 TOTOLINK X15 HTTP POST Request formWsc buffer overflow	6 Jun 202516:31	–	cvelist
EUVD	EUVD-2025-17322	3 Oct 202520:07	–	euvd
NVD	CVE-2025-5787	6 Jun 202517:15	–	nvd
OSV	CVE-2025-5787	6 Jun 202517:15	–	osv
Positive Technologies	PT-2025-24313 · Totolink · Totolink X15	6 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-5787	8 Jun 202517:18	–	redhatcve

Vulners

Node

totolink x15Match1.0.0-b20230714.1105

Source	Link
github	www.github.com/advisories/GHSA-xc59-6qv2-qx7w
github	www.github.com/Lena-lyy/cve/blob/main/9.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
totolink	www.totolink.net/
web	www.web.nvd.nist.gov/view/vuln/detail

09 Jun 2025 00:00Current

8.3High risk

Vulners AI Score8.3

CVSS 38.8

CVSS 29

EPSS0.0167

Totolink X15 boa web server buffer overflow submit URL parameter POST request remote code execution