CVE-2025-15460
Buffer Overflow in UTT 进取 520W /goform/formPptpClientConfig Allows Remote Exploit
Publication date: 2026-01-05
Last updated on: 2026-01-05
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| unknown_vendor | utt_进取_520w | 1.7.7-180627 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15460 is a critical buffer overflow vulnerability in the UTT 进取 520W device, version 1.7.7-180627. It occurs in the strcpy function within the /goform/formPptpClientConfig file. By manipulating the argument 'EncryptionMode' with unchecked input, an attacker can overflow a buffer because the input is copied without verifying its size against the buffer size. This flaw corresponds to CWE-120 (Classic Buffer Overflow) and allows remote exploitation. [2, 3]
How can this vulnerability impact me? :
This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the affected device. An attacker can remotely exploit the buffer overflow to cause denial-of-service (DoS) conditions or potentially execute arbitrary code, leading to system crashes or unauthorized control. The exploit is publicly available and considered easy to execute, increasing the risk. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for requests to the endpoint /goform/formPptpClientConfig that include manipulation of the EncryptionMode parameter. Since the exploit is public and targets a buffer overflow via strcpy, network intrusion detection systems (NIDS) can be configured to look for unusual or malformed POST requests to this endpoint. Specific commands are not provided in the resources, but you can use tools like curl or wget to test the endpoint manually, or use network monitoring tools to detect suspicious traffic patterns targeting /goform/formPptpClientConfig. For example, a curl command to test might be: curl -X POST http://<device-ip>/goform/formPptpClientConfig -d "EncryptionMode=..." with varying payload sizes to check for abnormal responses or crashes. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
No official mitigation or patch is currently available from the vendor, as they did not respond to the disclosure. The suggested immediate step is to replace the affected UTT 进取 520W device with an alternative product. Additionally, you should restrict network access to the vulnerable endpoint, implement firewall rules to block unauthorized access to /goform/formPptpClientConfig, and monitor for exploit attempts. Applying network-level protections and isolating the device can reduce risk until replacement is possible. [3]