CVE-2025-10170
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-11
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 1200gw | 3.0.0-170831 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-10170 is a critical buffer overflow vulnerability in the UTT 1200GW router firmware up to version 3.0.0-170831. It occurs in the function sub_4B48F8 within the /goform/formApLbConfig file, specifically when handling the input parameter loadBalanceNameOld. The vulnerability arises because the device copies data from an input buffer to an output buffer without checking if the input size exceeds the output buffer size, leading to a buffer overflow. This flaw can be exploited remotely by an attacker without authentication, potentially causing denial of service or other impacts. [1, 2]
How can this vulnerability impact me? :
This vulnerability can be exploited remotely to cause a denial of service (DoS) on the UTT 1200GW router, disrupting network availability. Additionally, it may compromise the confidentiality, integrity, and availability of the device, potentially allowing attackers to manipulate or disrupt load balancing configurations. Since the exploit is publicly available and easy to execute, affected devices are at significant security risk. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for requests to the endpoint /goform/formApLbConfig with suspicious or unusually long parameters, especially the loadBalanceNameOld argument. Since the exploit involves a buffer overflow via this parameter, detection could involve inspecting HTTP POST requests to this endpoint for abnormal payload sizes or patterns. Specific commands depend on your environment, but using tools like curl or wget to test the endpoint with crafted inputs, or network monitoring tools like tcpdump or Wireshark to capture and analyze traffic to /goform/formApLbConfig, can help detect exploitation attempts. For example, using curl to send a request with a very long loadBalanceNameOld parameter to see if the device responds abnormally could be a detection method. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include discontinuing use of the affected UTT 1200GW devices running firmware up to version 3.0.0-170831, as no patches or vendor responses are available. Replace the affected product with an alternative device not vulnerable to this issue. Additionally, restrict network access to the device's management interface, especially blocking remote access to the /goform/formApLbConfig endpoint, to reduce exposure. Monitoring for exploitation attempts and isolating the device from untrusted networks can also help mitigate risk until replacement is possible. [2]