The vulnerability in the built-in web server boa (/boafrm/formSaveConfig) of the TOTOLINK X15 router’s microprogramming software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

🗓️ 13 Jun 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Buffer overflow in TOTOLINK X15 Boa formSaveConfig via submit URL causes data leakage and tampering.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-5739	5 Jun 202518:37	–	circl
CNNVD	TOTOLINK X15 安全漏洞	6 Jun 202500:00	–	cnnvd
CNVD	TOTOLINK X15 /boafrm/formSaveConfig File Buffer Overflow Vulnerability	10 Jun 202500:00	–	cnvd
CVE	CVE-2025-5739	6 Jun 202509:00	–	cve
Cvelist	CVE-2025-5739 TOTOLINK X15 HTTP POST Request formSaveConfig buffer overflow	6 Jun 202509:00	–	cvelist
EUVD	EUVD-2025-17104	3 Oct 202520:07	–	euvd
NVD	CVE-2025-5739	6 Jun 202509:15	–	nvd
Positive Technologies	PT-2025-24062 · Totolink · Totolink X15	5 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-5739	8 Jun 202509:16	–	redhatcve
Vulnrichment	CVE-2025-5739 TOTOLINK X15 HTTP POST Request formSaveConfig buffer overflow	6 Jun 202509:00	–	vulnrichment

Vulners

Node

totolink x15Match1.0.0-b20230714.1105

Source	Link
github	www.github.com/Lena-lyy/cve/blob/main/Goo/6.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
totolink	www.totolink.net/
web	www.web.nvd.nist.gov/view/vuln/detail

13 Jun 2025 00:00Current

7.7High risk

Vulners AI Score7.7

CVSS 38.8

CVSS 29

EPSS0.0167

Totolink X15 boa web server formSaveConfig submit URL post request buffer overflow data leakage data tampering