CVE-2025-5502

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/Yhuanhuan01/TOTOlink/blob/main/TOTOlink-x15.md#poc1-code-injection", "name": "https://github.com/Yhuanhuan01/TOTOlink/blob/main/TOTOlink-x15.md#poc1-code-injection", "tags": ["Exploit"], "refsource": ""}, {"url": "https://github.com/Yhuanhuan01/TOTOlink/blob/main/TOTOlink-x15.md#poc1-code-injection", "name": "https://github.com/Yhuanhuan01/TOTOlink/blob/main/TOTOlink-x15.md#poc1-code-injection", "tags": ["Exploit"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.310916", "name": "VDB-310916 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.310916", "name": "VDB-310916 | TOTOLINK X15 formMapReboot command injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.583562", "name": "Submit #583562 | TOTOLINK X15 V1.0.0-B20230714.1105 Stack-based Buffer Overflow and Command Injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://www.totolink.net/", "name": "https://www.totolink.net/", "tags": ["Product"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-787"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-5502", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2025-06-03T14:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:totolink:x15_firmware:1.0.0-b20230714.1105:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:totolink:x15:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-06-06T17:42Z"}