Cyber Posture

CVE-2025-70998

Critical · Public PoC

Published: 18 February 2026

Modified: 19 February 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (48.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly requires changing default authenticators prior to first use, eliminating the insecure default credentials exploited for root access.

prevent

Prohibits or restricts unnecessary services like telnet, preventing remote exploitation of the vulnerable service.

AC-17 Remote Access partial match
prevent

Establishes usage restrictions and authorization for remote access, enabling disablement or securing of telnet to block unauthenticated root access.

Security Summary · AI

CVE-2025-70998 is a vulnerability in the UTT HiPER 810 / nv810v4 router firmware version v1.5.0-140603, stemming from insecure default credentials exposed via the telnet service. This flaw, classified under CWE-1188, enables a remote attacker to potentially gain root access by leveraging a crafted script. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impact.

A remote attacker can exploit this vulnerability without prior privileges, user interaction, or special conditions beyond network reachability. Exploitation allows full root-level compromise, with high impact on confidentiality, integrity, and availability: the attacker can execute arbitrary commands, modify configurations, or disrupt router operations.

Details on the vulnerability, including a proof-of-concept exploit script, are documented in the GitHub repository at https://github.com/cha0yang1/UTT-nv810v4-telnet-backdoor. No vendor advisories or patch information are specified in the available references.

Details

CWE(s)

Affected Products

Vendor: utt
Product: 810 firmware
Version: 1.5.0-140603

MITRE ATT&CK Enterprise Techniques · AI

T1078.001 Default Accounts (Stealth)
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.008 Network Device CLI (Execution)
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Why these techniques?

Insecure default credentials on exposed telnet service enable T1078.001 (Default Accounts) for initial access, T1190 (Exploit Public-Facing Application) as a remotely exploitable service vulnerability, and T1059.008 (Network Device CLI) for arbitrary command execution with root privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References