CVE-2025-14141
Published: 06 December 2025
Description
A flaw has been found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formArpBindConfig. Executing manipulation of the argument pools can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Mitigating Controls (NIST 800-53 r5)
Directly prevents buffer overflow exploitation by validating the size and format of the 'pools' argument prior to using strcpy in /goform/formArpBindConfig.
Implements runtime memory protections such as stack canaries, ASLR, and DEP to block arbitrary code execution from buffer overflow exploits even if input validation is bypassed.
Establishes processes to identify, prioritize, and remediate known flaws like this published buffer overflow, including isolation or replacement of unpatched firmware.
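The input-validation control above, sketched as an added example (not the UTT firmware's code and not taken from the advisory): an unbounded strcpy beside a copy that checks length and format first. The function names, the 32-byte buffer size and the allowed character set are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define POOL_BUF_SIZE 32 /* assumed size of the destination buffer */

/* The pattern the advisory describes: copy length is set by the request. */
void copy_pools_unchecked(char *dst, const char *src)
{
    strcpy(dst, src); /* writes past dst when src needs POOL_BUF_SIZE bytes or more */
}

/* Hardened form: returns 0 and fills dst, or -1 when the value is rejected. */
int copy_pools_checked(char dst[POOL_BUF_SIZE], const char *src)
{
    if (src == NULL)
        return -1;
    /* Measure the value, but never scan further than the buffer could hold. */
    size_t len = 0;
    while (len < POOL_BUF_SIZE && src[len] != '\0')
        len++;
    if (len == 0 || len == POOL_BUF_SIZE)
        return -1; /* empty, or no room left for the terminating NUL */
    /* Assumed allow-list for the value's format. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!isalnum(c) && c != '_' && c != '-' && c != '.')
            return -1;
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any real request. */
    char oversized[200];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    const char *samples[] = { "lan_pool-1", "", "pool name", oversized };
    char dst[POOL_BUF_SIZE];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("sample %zu (%zu bytes): %s\n", i, strlen(samples[i]),
               copy_pools_checked(dst, samples[i]) == 0 ? "accepted" : "rejected");
    return 0;
}
```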
Security Summary
CVE-2025-14141 is a buffer overflow vulnerability affecting the UTT 进取 520W router firmware version 1.7.7-180627. The issue stems from improper use of the strcpy function in the /goform/formArpBindConfig component, where manipulation of the "pools" argument triggers the overflow. Published on 2025-12-06, it is rated 8.8 on the CVSS 3.1 scale (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).
An authenticated remote attacker with low privileges can exploit this vulnerability by sending crafted requests to the affected endpoint. Successful exploitation leads to high-impact compromise, including arbitrary code execution with potential for full system control, data disclosure, modification, or denial of service.
No vendor patches or official mitigations are available, as the supplier was notified early but provided no response. Advisories and a proof-of-concept exploit are documented in references including GitHub repositories at https://github.com/cymiao1978/cve/blob/main/new/13.md and https://github.com/cymiao1978/cve/blob/main/new/13.md#poc, as well as VulDB entries at https://vuldb.com/?ctiid.334529, https://vuldb.com/?id.334529, and https://vuldb.com/?submit.698522. The published exploit may facilitate active attacks on unpatched devices.
Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in the remote web endpoint /goform/formArpBindConfig allows exploitation of a public-facing application on the UTT router for potential RCE or DoS.