CVE-2025-14535

CriticalPublic PoC

Published: 11 December 2025

Published

11 December 2025

Modified

07 January 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0031 54.4th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was identified in UTT 进取 512W up to 3.1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigFastDirectionW. The manipulation of the argument ssid leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly…

available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Requires validation and sanitization of the 'ssid' argument to /goform/formConfigFastDirectionW to directly prevent the buffer overflow triggered by strcpy.

SI-2 Flaw Remediation good match

preventdetect

Mandates monitoring for vulnerabilities like CVE-2025-14535, scanning affected UTT devices, and remediating flaws to eliminate the buffer overflow risk.

SI-16 Memory Protection good match

prevent

Deploys memory protection mechanisms such as address space layout randomization and stack canaries to mitigate remote exploitation of the buffer overflow for arbitrary code execution.

Security SummaryAI

CVE-2025-14535 is a buffer overflow vulnerability affecting the UTT 进取 512W device running firmware versions up to 3.1.7.7-171114. The issue resides in the strcpy function within the /goform/formConfigFastDirectionW file, where manipulation of the 'ssid' argument triggers the overflow. This flaw, classified under CWE-119 and CWE-120, carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for complete system compromise.

The vulnerability can be exploited remotely by unauthenticated attackers with network access, requiring low complexity and no user interaction. Successful exploitation allows arbitrary code execution, potentially granting attackers high-impact control over confidentiality, integrity, and availability of the affected device, such as executing malicious code or disrupting network operations.

Advisories from VulDB and a GitHub issue tracker detail the vulnerability but note no vendor response despite early contact, implying no official patches or mitigations are available. Security practitioners should isolate affected devices, monitor for exploitation attempts targeting the /goform/formConfigFastDirectionW endpoint, and consider firmware upgrades if released.

A publicly available exploit exists, increasing the risk of active attacks against unpatched UTT 进取 512W deployments.

Details

CWE(s): CWE-119 CWE-120

Affected Products

utt

512w firmware

≤ 1.7.7-171114

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in publicly accessible web endpoint (/goform/formConfigFastDirectionW) on network device enables unauthenticated remote arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/maximdevere/CVE2/issues/7
Exploit, Issue Tracking, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.335874
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.335874
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.703621
Third Party Advisory, VDB Entry · cna@vuldb.com