TOTOLINK X15 Buffer Overflow Vulnerability in HTTP POST Request Handler
Vulnerability
A critical buffer overflow vulnerability has been identified in the TOTOLINK X15 router, specifically in version 1.0.0-B20230714.1105. The issue arises within the HTTP POST request handler, particularly through the route /boafrm/formFilter. The vulnerability can be triggered by manipulating the ip6addr, url, vpnPassword, or vpnUser arguments, leading to a buffer overflow condition. This vulnerability can be exploited remotely, potentially causing a denial-of-service condition by sending crafted HTTP POST requests.
Impact
Exploitation of this vulnerability leads to a buffer overflow, which can commonly be used to execute arbitrary code or cause a denial-of-service condition by crashing the device.
Reproduction
The vulnerability can be reproduced by sending an HTTP POST request to the /boafrm/formFilter endpoint. The request must include a payload that manipulates one of the vulnerable parameters: ip6addr, url, vpnPassword, or vpnUser. The payload should be crafted to exceed the buffer size, causing a buffer overflow condition.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.