Cyber Posture

CVE-2025-15431

HighPublic PoC

Published: 02 January 2026

Published
02 January 2026
Modified
23 February 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0014 33.3th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing a manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has…

more

been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match
prevent

Requires validation and sanitization of the 'filename' argument in /goform/formFtpServerDirConfig to prevent buffer overflow from improper input handling.

SI-16 Memory Protection good match
prevent

Enforces memory protections such as non-executable memory and stack guards to mitigate exploitation of the strcpy buffer overflow for arbitrary code execution.

SI-2 Flaw Remediation good match
preventrecover

Mandates timely identification, reporting, and remediation of the buffer overflow flaw, including monitoring for vendor patches despite lack of response.

Security SummaryAI

CVE-2025-15431 is a buffer overflow vulnerability in the UTT 进取 512W router running firmware version 1.7.7-171114. The flaw resides in the strcpy function within the /goform/formFtpServerDirConfig file, where improper handling of the 'filename' argument allows overflow conditions. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability was published on 2026-01-02.

Attackers with low privileges (PR:L) can exploit this remotely over the network (AV:N) with low complexity and no user interaction required. By manipulating the 'filename' argument, an attacker triggers the buffer overflow, potentially achieving high impacts on confidentiality, integrity, and availability, such as arbitrary code execution or denial of service on the affected device.

Advisories from VulDB indicate the exploit has been publicly disclosed, including proof-of-concept code available on GitHub repositories. The vendor was notified early but provided no response or patch, leaving no official mitigation available as of disclosure.

Notable context includes the published exploit, which may already be in use by threat actors targeting exposed UTT 进取 512W devices.

Details

CWE(s)
CWE-119CWE-120

Affected Products

utt
512w firmware
≤ 1.7.7-171114

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1210 Exploitation of Remote Services Lateral Movement
Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
attack.mitre.org →
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Buffer overflow in web management interface (/goform/formFtpServerDirConfig) enables remote exploitation (AV:N/PR:L) for RCE or DoS, directly facilitating T1190 (public-facing app), T1210 (remote services), and T1068 (privilege escalation via vuln).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References