CVE-2025-5735
TOTOLINK · X15
A remote buffer overflow vulnerability in the TOTOLINK X15 router allows for arbitrary code execution via the HTTP POST request handler.
Executive summary
A high-severity buffer overflow in the HTTP POST request handler of TOTOLINK X15 routers lets a remote attacker execute arbitrary code on the device by sending a crafted POST request. This advisory describes the attack as unauthenticated; note, however, that a CVSS 3.x base score of 8.8 with a network attack vector and high confidentiality, integrity and availability impact corresponds to a vector that requires either low privileges or user interaction (a fully unauthenticated, no-interaction variant would score 9.8), so confirm against the published vector whether the handler is reachable without a session before relying on either assumption.
Vulnerability
This is a buffer overflow in the HTTP POST request handler behind the /boafrm/formSetLg endpoint (a form-handling path served by the router's embedded web server, not a file on disk). It is triggered by a request whose submit-url argument is longer than the buffer the handler copies it into; because the length is not checked, the excess data overwrites adjacent memory, which is the primitive that makes code execution possible.
Business impact
The CVSS base score of 8.8 (High) reflects that successful exploitation yields remote code execution on the device. An attacker who controls the router can intercept or redirect traffic passing through it (man-in-the-middle, for example by altering DNS or routing), reach internal network resources behind it, and establish long-term persistence on a device that is rarely monitored.
Remediation
Immediate Action: Identify and inventory all deployed TOTOLINK X15 devices and restrict their exposure to untrusted networks until fixed firmware is applied. In particular, make sure the web management interface is not reachable from the WAN side (disable any remote or WAN management option) and, where possible, limit LAN-side access to it to administrator hosts.
Proactive Monitoring: Inspect web server and network logs for POST requests to /boafrm/formSetLg that carry oversized or malformed submit-url parameters. Embedded web servers usually do not log request bodies, so this check is best performed at a perimeter proxy, an IDS sensor or a packet capture rather than on the router itself.
Compensating Controls: Use network-level intrusion detection (IDS) or WAF rules to drop HTTP POST requests to /boafrm/formSetLg whose submit-url value exceeds a conservative length limit, and alert on any request to that path from outside the trusted management network. Length-based rules are a stopgap: they reduce exposure but do not remove the flaw, and a limit set too generously may still let an overflow through.
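The following C program is an added example, not TOTOLINK firmware and not code from this advisory. It models the flaw described under Vulnerability and the length check that the Proactive Monitoring and Compensating Controls items rely on. The buffer size (64 bytes), the function names, and the sample request bodies are assumptions made for illustration; the real handler's buffer size and copy routine are not published here. It shows the unbounded-copy pattern that produces this class of overflow, a hardened handler that rejects oversized values instead of truncating them, and a detector that flags a POST to /boafrm/formSetLg whose submit-url value exceeds a limit.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed for illustration: the real handler's buffer size is not published. */
#define SUBMIT_URL_MAX 64
#define SET_LG_PATH "/boafrm/formSetLg"

/* Return a heap copy of the value for `key` in an application/x-www-form-urlencoded
 * body, or NULL if the key is absent. Percent-decoding is intentionally skipped:
 * the encoded form is never shorter than the decoded one, so a length check on it
 * is conservative. Caller frees the result. */
static char *form_get(const char *body, const char *key)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (p && *p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            size_t vlen = plen - klen - 1;
            char *v = malloc(vlen + 1);
            if (!v) return NULL;
            memcpy(v, p + klen + 1, vlen);
            v[vlen] = '\0';
            return v;
        }
        p = end ? end + 1 : NULL;
    }
    return NULL;
}

/* Vulnerable pattern, shown for contrast and only ever called here with a short
 * value: the parameter is copied into a fixed stack buffer with no length check,
 * so a long submit-url overwrites whatever follows the buffer on the stack. */
static int vulnerable_set_lg(const char *body)
{
    char submit_url[SUBMIT_URL_MAX];
    char *v = form_get(body, "submit-url");
    if (!v) return -1;
    strcpy(submit_url, v);            /* unbounded copy: this is the bug */
    free(v);
    return (int)strlen(submit_url);
}

/* Hardened handler: reject values that do not fit rather than truncating them
 * (strncpy would silently truncate and may leave the buffer unterminated).
 * Returns 0 on success, -1 if the parameter is missing, -2 if it is oversized. */
static int hardened_set_lg(const char *body, char *out, size_t outsz)
{
    char *v = form_get(body, "submit-url");
    if (!v) return -1;
    size_t vlen = strlen(v);
    if (vlen >= outsz) { free(v); return -2; }
    memcpy(out, v, vlen + 1);         /* bounded: vlen + 1 <= outsz */
    free(v);
    return 0;
}

/* Detection rule for a perimeter proxy or IDS: flag a POST to the affected path
 * whose submit-url value is longer than `limit`. Returns the offending length,
 * or 0 when the request is not to that path, lacks the parameter, or fits. */
static size_t suspicious_set_lg_request(const char *path, const char *body, size_t limit)
{
    if (strcmp(path, SET_LG_PATH) != 0) return 0;
    char *v = form_get(body, "submit-url");
    if (!v) return 0;
    size_t vlen = strlen(v);
    free(v);
    return vlen > limit ? vlen : 0;
}

int main(void)
{
    /* Constructed sample request bodies, not captured traffic. */
    const char *benign = "submit-url=%2Fhome.htm&lang=en";
    char big[1024];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    char attack[1200];
    snprintf(attack, sizeof attack, "submit-url=%s&lang=en", big);

    char dest[SUBMIT_URL_MAX];
    printf("vulnerable, short value: copied %d bytes\n", vulnerable_set_lg(benign));
    printf("hardened, benign:  %d\n", hardened_set_lg(benign, dest, sizeof dest));
    printf("hardened, attack:  %d\n", hardened_set_lg(attack, dest, sizeof dest));
    printf("detector, attack:  %zu\n", suspicious_set_lg_request(SET_LG_PATH, attack, 256));
    return 0;
}
```

Build with `cc -std=c99 -Wall example.c` and run it. The detector works on the raw encoded length on purpose: percent-decoding can only shorten a value, so a limit applied before decoding never under-counts what would reach the copy. Feeding the 1023-byte value to vulnerable_set_lg would corrupt the stack, which is exactly what the hardened handler's reject path and the detector's length check are there to prevent.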
Exploitation status
Public Exploit Available: true
Analyst recommendation
Because a public exploit exists for this high-severity vulnerability, remediation cannot wait. IT teams should isolate these devices from the public-facing internet now and apply the vendor-supplied update as soon as it is released to mitigate the risk of remote compromise.