CVE-2025-11323
BaseFortify
Publication date: 2025-10-06
Last updated on: 2025-10-06
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 1250gw | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-11323 is a critical buffer overflow vulnerability in the UTT 1250GW router running firmware up to version v2v3.2.2-200710. The flaw exists in the strcpy function within the /goform/formUserStatusRemark route, where the Username parameter is copied into a fixed-size buffer without proper bounds checking. This allows an attacker to send a specially crafted request with an excessively long Username value, causing a buffer overflow that leads to memory corruption. This vulnerability can be exploited remotely and may cause denial of service (DoS) by crashing the router or potentially enable further exploitation. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability impacts the confidentiality, integrity, and availability of the affected UTT 1250GW device. Exploiting the buffer overflow can cause the router to crash, resulting in denial of service (DoS). Additionally, the memory corruption caused by the overflow could potentially be leveraged for further attacks, compromising the device's security. Since the exploit is publicly available and the vendor has not provided any mitigations, affected users face a critical security risk. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the endpoint /goform/formUserStatusRemark containing an unusually long or malformed 'userName' parameter, which may indicate an attempt to exploit the buffer overflow. A practical detection method is to capture and analyze HTTP traffic targeting the UTT 1250GW router for such requests. For example, using network packet capture tools like tcpdump or Wireshark to filter HTTP POST requests to /goform/formUserStatusRemark. A command example to capture such traffic could be: tcpdump -i <interface> -A 'tcp port 80 and (((ip dst <router_ip>) and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)))' and then inspecting the payload for the 'userName' parameter length. Additionally, checking router logs for crashes or abnormal behavior after such requests may help detect exploitation attempts. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected UTT 1250GW router's management interface to trusted networks only, such as limiting access via firewall rules or network segmentation to prevent remote exploitation. Since no vendor patch or fix is available and the vendor did not respond, it is recommended to replace the affected device with an alternative product. Monitoring for exploit attempts and disabling any unnecessary services or interfaces that expose the vulnerable endpoint can also reduce risk. Applying network-level protections such as intrusion detection/prevention systems (IDS/IPS) to detect and block malicious POST requests targeting /goform/formUserStatusRemark is advisable. [2]