A critical buffer overflow vulnerability in the TOTOLINK X15 router allows authenticated, low-privilege users to cause memory corruption and potentially compromise the device.

The vulnerability exists in the /boafrm/formDosCfg endpoint. Remote attackers with low-privilege access can manipulate the 'submit-url' argument to trigger memory corruption.

The CVSS score of 8.8 indicates a high risk. Even with low-privilege access requirements, a successful exploit could result in the escalation of privileges or complete system compromise, jeopardizing the integrity of the entire network segment protected by the router.

Immediate Action: Update the TOTOLINK X15 firmware to the latest available version provided by the vendor.

Proactive Monitoring: Monitor logs for suspicious or malformed requests to the /boafrm/formDosCfg endpoint.

Compensating Controls: Limit administrative and low-privilege user access to the management interface to minimize the attack surface.

Public Exploit Available: True

This vulnerability represents a significant risk to organizational infrastructure. Administrators should move quickly to update the firmware on all affected TOTOLINK X15 devices to mitigate the potential for exploitation and ensure the continued security of the network.