CVE-2025-14572
Unknown Unknown - Not Provided
Memory Corruption in UTT 进取 512W /goform Remote Exploit

Publication date: 2025-12-12

Last updated on: 2025-12-12

Assigner: VulDB

Description
A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This affects an unknown part of the file /goform/formWebAuthGlobalConfig. Performing manipulation of the argument hidcontact results in memory corruption. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-12
Last Modified
2025-12-12
Generated
2026-06-16
AI Q&A
2025-12-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14572
EUVD
EUVD-2025-203118
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
utt 进取 1.7.7-171114
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in UTT 进取 512W up to version 1.7.7-171114, specifically in the /goform/formWebAuthGlobalConfig file. Manipulating the argument 'hidcontact' can cause memory corruption. The vulnerability can be exploited remotely, and a public exploit is available. The vendor was informed but did not respond.

Impact Analysis

Exploitation of this vulnerability can lead to memory corruption, which may allow an attacker to execute arbitrary code or cause a denial of service remotely. This can compromise the affected system's confidentiality, integrity, and availability.

Detection Guidance

This vulnerability can be detected by monitoring for abnormal POST requests to the `/goform/formWebAuthGlobalConfig` endpoint containing an excessively long `hidcontact` parameter. A proof of concept involves sending a crafted POST request with a very long string assigned to `hidcontact`. Detection can include inspecting logs for such requests or using intrusion prevention systems to detect abnormal POST payloads targeting this endpoint. Specific commands are not provided, but using tools like curl or custom scripts to send POST requests with long `hidcontact` values can help test for the vulnerability. For example, a curl command to test might be: `curl -X POST -d "hidcontact=$(python -c 'print("a"*1000)')" http://<router-ip>/goform/formWebAuthGlobalConfig` with appropriate authentication. Monitoring for device crashes or reboots after such requests also indicates exploitation. [1]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

Immediate mitigation steps include: 1) Avoid exposing the management interface `/goform/formWebAuthGlobalConfig` to the public internet. 2) Restrict access to the management interface to trusted IP ranges only. 3) Use strong authentication mechanisms and change default credentials. 4) Deploy intrusion prevention systems to detect and block abnormal POST requests targeting the vulnerable endpoint. 5) Monitor the device for signs of instability or crashes. Since no vendor patch is available, consider replacing the affected device with a secure alternative. Avoid testing or exploiting the vulnerability without explicit permission. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14572. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart