CVE-2025-11653
Published: 13 October 2025
Description
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
Security Summary
CVE-2025-11653 is a buffer overflow vulnerability affecting the UTT HiPER 2620G router in versions up to 3.1.4. The flaw exists in the strcpy function within the /goform/fNTP file, where manipulation of the NTPServerIP argument leads to the overflow. It is classified under CWE-119 and CWE-120, with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges and network access can exploit this vulnerability remotely without user interaction. Exploitation triggers a buffer overflow, potentially enabling high-impact consequences such as unauthorized data access, modification, or system disruption.
Advisories from VulDB and a related GitHub issue indicate that the exploit has been publicly disclosed and is available for use. The vendor was contacted early regarding the issue but provided no response, and no patches or mitigations are mentioned in the available references.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in router's web interface (/goform/fNTP) enables remote exploitation by low-privileged attackers for code execution, directly facilitating public-facing application exploitation (T1190), exploitation of remote services (T1210), and privilege escalation (T1068).