CVE-2025-8244

HighPublic PoCRCE

Published: 27 July 2025

Published

27 July 2025

Modified

29 July 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0100 77.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8244 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Totolink X15 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 22.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 3 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Information Input Validation directly prevents buffer overflows by enforcing bounds checking and validation on the macstr POST parameter before processing.

SI-16 Memory Protection good match

prevent

Memory Protection implements safeguards like DEP and ASLR to minimize the impact of buffer overflow exploits attempting arbitrary code execution.

SI-2 Flaw Remediation good match

preventrecover

Flaw Remediation requires timely patching of the specific buffer overflow in the HTTP POST handler to eliminate the vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1210 Exploitation of Remote Services Lateral Movement

Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

attack.mitre.org →

T1059.004 Unix Shell Execution

Adversaries may abuse Unix shell commands and scripts for execution.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Remote buffer overflow (CWE-120) in router web interface (/boafrm/formMapDelDevice) via 'macstr' enables unauthenticated exploitation of public-facing application (T1190), remote services (T1210), command injection into Unix shell (T1059.004 per advisories), and DoS via application exploitation (T1499.004).

NVD Description

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow.…

It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Deeper analysisAI

CVE-2025-8244 is a critical buffer overflow vulnerability affecting the TOTOLINK X15 router running firmware version 1.0.0-B20230714.1105. The issue resides in an unknown function within the file /boafrm/formMapDelDevice of the HTTP POST Request Handler component. It is triggered by manipulating the macstr argument in a POST request, leading to improper bounds checking and overflow. The vulnerability carries a CVSS v3.1 base score of 8.8 and is associated with CWEs-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), CWE-120 (Buffer Copy without Checking Size of Input), and CWE-77 (Command Injection).

The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring network access (AV:N) and low attack complexity (AC:L) with no user interaction (UI:N). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), potentially allowing arbitrary code execution, data theft, or device takeover on the affected router.

Advisories from VulDB detail the vulnerability and reference a public proof-of-concept exploit available on GitHub at https://github.com/panda666-888/vuls/blob/main/totolink/x15/formMapDelDevice.md, which demonstrates the buffer overflow via the macstr parameter. The vendor's site at https://www.totolink.net/ is listed as a reference, though no specific patches or mitigations are detailed in the provided sources; security practitioners should monitor it for firmware updates.

Details

CWE(s): CWE-119 CWE-120 CWE-77

Affected Products

totolink

x15 firmware

1.0.0-b20230714.1105

CVEs Like This One

CVE-2025-8245Same product: Totolink X15

CVE-2025-8246Same product: Totolink X15

CVE-2025-8242Same product: Totolink X15

CVE-2025-8243Same product: Totolink X15

CVE-2025-8140Same vendor: Totolink

CVE-2025-8139Same vendor: Totolink

CVE-2025-8138Same vendor: Totolink

CVE-2025-8136Same vendor: Totolink

CVE-2025-12240Same vendor: Totolink

CVE-2025-8170Same vendor: Totolink

References

https://github.com/panda666-888/vuls/blob/main/totolink/x15/formMapDelDevice.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.317832
Permissions Required · cna@vuldb.com
https://vuldb.com/?id.317832
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.622692
Third Party Advisory, VDB Entry · cna@vuldb.com
https://www.totolink.net/
Product · cna@vuldb.com