CVE-2025-14534

CriticalPublic PoC

Published: 11 December 2025

Published

11 December 2025

Modified

07 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0064 70.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched…

remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Requires validation of the NatBind input argument to ensure it does not exceed buffer boundaries, directly preventing the strcpy-induced buffer overflow.

SI-16 Memory Protection good match

prevent

Implements memory protections like stack canaries, address space layout randomization, and non-executable memory to block exploitation of the buffer overflow for code execution or crashes.

SI-2 Flaw Remediation good match

prevent

Mandates identification and timely patching or replacement of the vulnerable firmware component using unsafe strcpy in /goform/formNatStaticMap.

Security SummaryAI

CVE-2025-14534 is a buffer overflow vulnerability affecting the UTT 进取 512W router firmware versions up to 3.1.7.7-171114. The issue resides in the strcpy function within the /goform/formNatStaticMap file of the Endpoint component, triggered by manipulation of the NatBind argument. Classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), it carries a CVSS v3.1 base score of 9.8, indicating critical severity.

The vulnerability enables remote exploitation over the network with low complexity, requiring no privileges or user interaction. Unauthenticated attackers can send crafted requests to the affected endpoint, causing a buffer overflow that leads to high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution or denial of service.

Advisories from VulDB and a GitHub issue detail the vulnerability, noting that an exploit has been publicly disclosed and may be utilized. The vendor was contacted early regarding disclosure but provided no response, and no patches or mitigations are mentioned in the available references.

Notable context includes the public availability of the exploit, increasing the risk of active exploitation against unpatched devices.

Details

CWE(s): CWE-119 CWE-120

Affected Products

utt

512w firmware

≤ 1.7.7-171114

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in public-facing router web endpoint (/goform/formNatStaticMap) enables unauthenticated remote exploitation for arbitrary code execution or DoS, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/maximdevere/CVE2/issues/6
Exploit, Issue Tracking, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.335873
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.335873
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.703620
Third Party Advisory, VDB Entry · cna@vuldb.com