CVE-2025-5787

TOTOLINK · X15

A critical buffer overflow vulnerability in the TOTOLINK X15 allows remote code execution via the submit-url parameter in the /boafrm/formWsc component.

Executive summary

A critical buffer overflow vulnerability in the TOTOLINK X15 router poses a significant risk of remote code execution.

Vulnerability

This is a critical buffer overflow vulnerability located in the /boafrm/formWsc component. The flaw allows an unauthenticated remote attacker to trigger the overflow by sending a maliciously crafted submit-url argument.

Business impact

The CVSS score of 8.8 reflects the high risk of this vulnerability. Exploitation could lead to unauthorized access to wireless configuration settings, enabling attackers to compromise the security of the local network and any connected client devices.

Remediation

Immediate Action: Review the vendor advisory at https://vuldb.com/?id.311335 and apply the latest firmware update provided by the manufacturer.

Proactive Monitoring: Review network logs for suspicious activity targeting the /boafrm/formWsc endpoint.

Compensating Controls: Where possible, disable Wi-Fi Protected Setup (WPS) and restrict access to the web interface to authorized internal subnets only.
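
One way to carry out the log review and verify the subnet restriction described above, as an added example that is not part of the advisory or any vendor tooling. It assumes combined-format access logs from a reverse proxy or sensor in front of the router; the allowed subnet and the length threshold are assumptions to adjust per deployment.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT, PARAM = "/boafrm/formWsc", "submit-url"  # both named in the advisory
# Assumptions, not from the advisory: management subnet and length threshold.
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
MAX_PARAM_LEN = 128
# Combined-log-style line: source address first, request line in quotes.
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')

def check_line(line):
    """Return findings for one log line; an empty list means nothing to report."""
    m = LOG_RE.match(line)
    if not m:
        return []
    parts = urlsplit(m["target"])
    if parts.path != ENDPOINT:
        return []
    findings = []
    try:
        src = ipaddress.ip_address(m["src"])
        if not any(src in net for net in ALLOWED_NETS):
            findings.append("source outside allowed subnets")
    except ValueError:
        findings.append("unparseable source address")
    # Only visible when the parameter is in the logged request line; values
    # sent in a POST body need a sensor that records request bodies.
    for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        if len(value) > MAX_PARAM_LEN:
            findings.append(f"oversized {PARAM} ({len(value)} chars)")
    return findings

def scan(lines):
    """Return (line_number, source, findings) for every flagged line."""
    checked = ((n, line, check_line(line)) for n, line in enumerate(lines, 1))
    return [(n, line.split(" ", 1)[0], f) for n, line, f in checked if f]

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '192.168.1.20 - - [10/Jun/2025:09:14:02 +0000] "POST /boafrm/formWsc HTTP/1.1" 200 312',
    '203.0.113.45 - - [10/Jun/2025:09:15:40 +0000] "POST /boafrm/formWsc HTTP/1.1" 200 0',
    '192.168.1.33 - - [10/Jun/2025:09:16:11 +0000] "GET /boafrm/formWsc?submit-url=' + "x" * 300 + ' HTTP/1.1" 502 0',
    '192.168.1.20 - - [10/Jun/2025:09:17:05 +0000] "GET /index.htm HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for n, src, findings in scan(SAMPLE_LOG):
        print(f"line {n}: {src}: {'; '.join(findings)}")
```

A hit for "source outside allowed subnets" means the web interface is still reachable from beyond the authorized internal subnets and the compensating control is not in effect.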

Exploitation status

Public Exploit Available: true

Analyst recommendation

The combination of a high CVSS score and the availability of public exploits makes this a critical security issue. Organizations using the TOTOLINK X15 must apply the necessary firmware patches immediately to mitigate the risk of remote code execution.