CVE Alert: CVE-2025-11323 - UTT - 1250GW

CVE-2025-11323

HIGHNo exploitation known

A vulnerability was determined in UTT 1250GW up to v2v3.2.2-200710. Affected is the function strcpy of the file /goform/formUserStatusRemark. This manipulation of the argument Username causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1 (8.8)

Vendor

UTT

Product

1250GW

Versions

v2v3.2.2-200710

CWE

CWE-120, Buffer Overflow

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Published

2025-10-06T06:02:06.891Z

Updated

2025-10-06T06:02:06.891Z

References

https://vuldb.com/?id.327206

https://vuldb.com/?ctiid.327206

https://vuldb.com/?submit.664524

https://github.com/DavCloudz/cve/issues/3

AI Summary Analysis

Risk verdict

High risk: remote buffer overflow with public exploit guidance could enable unauthorised code execution on exposed devices.

Why this matters

The vulnerability provides network access to the device with low privileges and full impact on confidentiality, integrity and availability. Attackers could compromise the router, exfiltrate data, alter configurations or disrupt services, then pivot to adjacent devices or networks.

Most likely attack path

Exploitation can occur over the network without user interaction, but requires an existing low-privilege account on the device. An attacker could trigger the overflow via the vulnerable /goform/formUserStatusRemark path, gain control, then attempt persistence or lateral movement within vulnerable networks.

Who is most exposed

Devices with internet-facing or broad LAN management interfaces in SMB/enterprise deployments are most at risk, especially routers or gateway units shipped with this component family.

Detection ideas

Logs show crashes or kernel/user-space memory corruption tied to formUserStatusRemark activity.
Unusual or long Username payloads appearing in requests to /goform/formUserStatusRemark.
Signs of unexpected device reboots, service outages, or degraded performance following network access attempts.
IDS/IPS alerts for known exploit payload patterns or abnormal buffers in router management traffic.
Authentication/login attempts preceding unusual remote activity on the device.

Mitigation and prioritisation

Apply vendor patch or upgrade to a fixed firmware release; validate compatibility and rollback plan.
Disable or restrict remote management; enforce VPN-only administration and strict access controls.
Implement network segmentation and firewall rules to block access to the vulnerable endpoint from untrusted networks.
Monitor and alert on attempts to access /goform/formUserStatusRemark; tune logging to capture overflow indicators.
Change management: schedule a firmware update window; communicate impact and rollback procedures; verify post-update functionality. If KEV or EPSS data become available indicating active exploitation, treat as priority 1.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: 1250gw, CVE, cve-2025-11323, OSINT, threatintel, utt