CVE-2025-7571
BaseFortify
Publication date: 2025-07-14
Last updated on: 2025-07-15
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | hiper_840g | 3.1.1-190328 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7571 is a critical buffer overflow vulnerability in the UTT HiPER 840G router firmware up to version 3.1.1-190328. It occurs in the handling of the Username parameter in the file /goform/aspApBasicConfigUrcp, where improper input validation allows an attacker to overflow a buffer. This happens because the input size is not checked before copying it to an output buffer, leading to a classic buffer overflow issue (CWE-120). The vulnerability can be exploited remotely without authentication. [1, 2]
How can this vulnerability impact me? :
Exploiting this vulnerability can compromise the confidentiality, integrity, and availability of the affected system. It can lead to denial of service (DoS) conditions and potentially allow remote attackers to execute arbitrary code or disrupt device operations. Since the exploit is publicly available and easy to execute, attackers can remotely attack the device without authentication. No patches or mitigations are currently available, so the affected product should be replaced. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring network traffic for requests to the endpoint `/goform/aspApBasicConfigUrcp` containing unusually long or malformed `Username` parameters that could trigger the buffer overflow. Since the exploit is publicly available, signature-based IDS/IPS rules or custom scripts can be used to detect attempts to exploit this vulnerability. Specific commands are not provided in the resources, but network traffic capture tools like tcpdump or Wireshark can be used to filter HTTP requests to the vulnerable endpoint, e.g., `tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/aspApBasicConfigUrcp'`. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
No official patches or vendor mitigations are currently available. Immediate steps include restricting remote access to the affected device, especially blocking access to the `/goform/aspApBasicConfigUrcp` endpoint via firewall rules or network segmentation. Consider replacing the affected UTT HiPER 840G device with a non-vulnerable alternative. Monitoring for exploit attempts and applying network-level protections such as IDS/IPS signatures is also recommended. [2]