CVE Alert: CVE-2025-11651 – UTT – 进取 518G

CVE-2025-11651

HIGH | No exploitation known

A vulnerability has been found in UTT 进取 518G up to V3v3.2.7-210919-161313. This vulnerability affects the function sub_4247AC of the file /goform/formRemoteControl. Manipulating the argument Profile leads to a buffer overflow. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1: 8.8
Vendor: UTT
Product: 进取 518G
Versions: V3v3.2.7-210919-161313
CWE: CWE-120, Buffer Overflow
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Published: 2025-10-12T23:32:06.071Z
Updated: 2025-10-12T23:32:06.071Z

AI Summary Analysis

Risk verdict

High risk of remote code execution on the affected device due to a buffer overflow in a remotely accessible endpoint; exploitation is publicly disclosed, elevating urgency.

Why this matters

Successful exploitation could give an attacker full control of the device, enabling persistence, data exfiltration, or further network compromise. Organisations with exposed management interfaces may see rapid impact across endpoints, with potential disruption to services reliant on the device.

Most likely attack path

A remote attacker who can reach the management interface could trigger the overflow by crafting inputs to the Profile argument in the formRemoteControl endpoint, with no user interaction required. The CVSS vector indicates low preconditions (low attack complexity, low privileges required) and remote access, raising the likelihood of rapid exploitation on any device with exposed management interfaces and weak network controls, potentially enabling high-privilege actions and lateral movement within the LAN.

Who is most exposed

Devices deployed in consumer or small business networks that expose web-based management to untrusted networks are most at risk; typical deployments include gateways or routers with WAN-accessible form interfaces.

Detection ideas

  • Look for unusual, oversized requests targeting /goform/formRemoteControl, especially non-standard Profile values.
  • Monitor for device crashes, memory corruption symptoms, or unexpected reboots/logs indicating a buffer overflow.
  • Identify spikes in inbound management traffic from external sources or from unexpected subnets.
  • Correlate with what the CVSS vector implies (PR:L, low privileges required): unusual authentication events or privilege escalation attempts.
  • Inspect crash dumps or kernel logs for stack/heap corruption signatures.
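
The first detection idea as an added example (not code from the vendor or from this advisory): a Python check that parses captured raw HTTP requests, for instance from a reverse proxy or IDS in front of the device, and flags Profile values sent to /goform/formRemoteControl that are oversized or contain control characters. The 64-character threshold, the POST method and the sample requests are assumptions made for illustration; the advisory gives no buffer size.

```python
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/goform/formRemoteControl"  # endpoint named in the advisory
MAX_PROFILE_LEN = 64  # assumed baseline, tune to values seen in normal use

def profile_values(raw: bytes):
    """Profile values from the query string and form body of one raw HTTP
    request, or None when the request does not target TARGET_PATH."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return None
    url = urlsplit(parts[1])
    if url.path.rstrip("/").lower() != TARGET_PATH.lower():
        return None
    values = parse_qs(url.query, keep_blank_values=True).get("Profile", [])
    form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    return values + form.get("Profile", [])

def assess(src: str, raw: bytes):
    """Return (src, reason) findings for one captured request."""
    findings = []
    for v in profile_values(raw) or []:
        if len(v) > MAX_PROFILE_LEN:
            findings.append((src, f"Profile length {len(v)} exceeds {MAX_PROFILE_LEN}"))
        if any(ord(c) < 32 or ord(c) == 127 for c in v):
            findings.append((src, "Profile contains control characters"))
    return findings

def _req(body: bytes) -> bytes:
    # Constructed sample request; method and headers are assumptions.
    return (b"POST /goform/formRemoteControl HTTP/1.1\r\nHost: router\r\n"
            b"Content-Type: application/x-www-form-urlencoded\r\n\r\n" + body)

# Constructed captures (documentation-range source addresses), not real traffic.
SAMPLES = [
    ("192.0.2.10", _req(b"Profile=office")),
    ("198.51.100.7", _req(b"Profile=" + b"A" * 300)),
    ("198.51.100.7", _req(b"Profile=ab%00cd")),
    ("192.0.2.10", b"GET /index.html HTTP/1.1\r\nHost: router\r\n\r\n"),
]

def scan(samples=SAMPLES):
    return [f for src, raw in samples for f in assess(src, raw)]

if __name__ == "__main__":
    for src, reason in scan():
        print(src, reason)
```

Lengths are measured after URL decoding, so percent-encoded padding is counted at its decoded size.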

Mitigation and prioritisation

  • Apply a vendor firmware update that contains the fix; if none is available, disable remote management or restrict access to trusted networks only.
  • Implement network access controls: allow management traffic only from whitelisted subnets, and enable MFA where applicable.
  • Deploy endpoint/IDS signatures or WAF rules to detect and block malicious payloads targeting formRemoteControl.
  • Plan a change window for firmware upgrade and conduct pre/post validation tests.
  • If feasible, rotate credentials and review exposure of other web-management surfaces.
