CVE Alert: CVE-2025-11652 - UTT - 进取 518G

CVE-2025-11652

HIGHNo exploitation known

A vulnerability was found in UTT 进取 518G up to V3v3.2.7-210919-161313. This issue affects some unknown processing of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1 (8.8)

Vendor

UTT

Product

进取 518G

Versions

V3v3.2.7-210919-161313

CWE

CWE-120, Buffer Overflow

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Published

2025-10-13T00:02:05.104Z

Updated

2025-10-13T00:02:05.104Z

References

https://vuldb.com/?id.328069

https://vuldb.com/?ctiid.328069

https://vuldb.com/?submit.664926

https://github.com/cymiao1978/cve/blob/main/14.md

https://github.com/cymiao1978/cve/blob/main/14.md#poc

AI Summary Analysis

Risk verdict

High risk and urgent: a publicly disclosed remote buffer overflow with a verified exploit path could enable remote code execution without user interaction.

Why this matters

The vulnerability yields full compromise of the affected device’s integrity, with potential for remote control, data exposure, and disruption of network services. In environments where exposed routers/gateways are reachable from the Internet, an attacker could pivot to adjacent devices, degrade availability, or exfiltrate sensitive traffic.

Most likely attack path

Remote attacker, no user interaction required, targets the vulnerable endpoint /goform/formTaskEdit_ap. The flaw stems from input handling (txtMin2) causing memory corruption with high-severity impact on confidentiality, integrity and availability. Exploitation relies on network access and low-privilege credentials (PR:L), but remote access is possible, enabling potential lateral movement within trusted segments once initial access is gained.

Who is most exposed

Devices in internet-facing deployments running this firmware, common in small business or consumer network appliances, are at highest risk; environments with exposed management interfaces or remote administration are especially vulnerable.

Detection ideas

Look for anomalous requests to /goform/formTaskEdit_ap with crafted txtMin2 values.
Unusual memory fault indicators, crashes, or reboot patterns on affected devices.
Indicators from exploitation chatter or PoC signatures in IDS/IPS and log aggregations.
Unusual privilege elevation attempts or unexpected process spawns post-request.
Sudden spikes in outbound traffic or anomalous access to internal hosts.

Mitigation and prioritisation

Apply vendor patch to the fixed version as a priority; verify deployment across all affected devices.
Restrict or disable remote management to trusted networks; implement strong ingress controls.
Deploy WAF/IPS rules to detect or block crafted requests targeting formTaskEdit_ap.
Implement network segmentation and device hardening; ensure logging and alerting for AP-level failures.
Schedule a change window for patch rollout and perform post‑patch validation.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.