CVE-2025-11323
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-06

Last updated on: 2025-10-06

Assigner: VulDB

Description
A vulnerability was determined in UTT 1250GW up to v2v3.2.2-200710. Affected is the function strcpy of the file /goform/formUserStatusRemark. This manipulation of the argument Username causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-06
Last Modified
2025-10-06
Generated
2026-06-16
AI Q&A
2025-10-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-11323
EUVD
EUVD-2025-32207
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
utt 1250gw *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-11323 is a critical buffer overflow vulnerability in the UTT 1250GW router running firmware up to version v2v3.2.2-200710. The flaw exists in the strcpy function within the /goform/formUserStatusRemark route, where the Username parameter is copied into a fixed-size buffer without proper bounds checking. This allows an attacker to send a specially crafted request with an excessively long Username value, causing a buffer overflow that leads to memory corruption. This vulnerability can be exploited remotely and may cause denial of service (DoS) by crashing the router or potentially enable further exploitation. [1, 2, 3]

Impact Analysis

This vulnerability impacts the confidentiality, integrity, and availability of the affected UTT 1250GW device. Exploiting the buffer overflow can cause the router to crash, resulting in denial of service (DoS). Additionally, the memory corruption caused by the overflow could potentially be leveraged for further attacks, compromising the device's security. Since the exploit is publicly available and the vendor has not provided any mitigations, affected users face a critical security risk. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by monitoring for suspicious POST requests to the endpoint /goform/formUserStatusRemark containing an unusually long or malformed 'userName' parameter, which may indicate an attempt to exploit the buffer overflow. A practical detection method is to capture and analyze HTTP traffic targeting the UTT 1250GW router for such requests. For example, using network packet capture tools like tcpdump or Wireshark to filter HTTP POST requests to /goform/formUserStatusRemark. A command example to capture such traffic could be: tcpdump -i <interface> -A 'tcp port 80 and (((ip dst <router_ip>) and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)))' and then inspecting the payload for the 'userName' parameter length. Additionally, checking router logs for crashes or abnormal behavior after such requests may help detect exploitation attempts. [3]

Mitigation Strategies

Immediate mitigation steps include restricting access to the affected UTT 1250GW router's management interface to trusted networks only, such as limiting access via firewall rules or network segmentation to prevent remote exploitation. Since no vendor patch or fix is available and the vendor did not respond, it is recommended to replace the affected device with an alternative product. Monitoring for exploit attempts and disabling any unnecessary services or interfaces that expose the vulnerable endpoint can also reduce risk. Applying network-level protections such as intrusion detection/prevention systems (IDS/IPS) to detect and block malicious POST requests targeting /goform/formUserStatusRemark is advisable. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-11323. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart