CVE-2025-10169

UTT 1200GW ConfigWirelessBase buffer overflow

CVSS 8.7 HIGHEPSS 6.0%CWE-119 CWE-120

In short

The UTT 1200GW router has a flaw in its wireless configuration page where an attacker can send specially crafted data to crash the device or potentially execute harmful code by overflowing a memory buffer through the wireless network name (SSID) field.

Technical detail

A buffer overflow vulnerability exists in the /goform/ConfigWirelessBase endpoint of UTT 1200GW firmware up to version 3.0.0-170831, triggered via the ssid parameter. The vulnerability is remotely exploitable without authentication, allowing an unauthenticated attacker to achieve denial of service or code execution by exceeding buffer boundaries (CWE-119, CWE-120). Public exploits are available.

Summary generated and translated by AI from the official description.

A weakness has been identified in UTT 1200GW up to 3.0.0-170831. Affected by this issue is some unknown functionality of the file /goform/ConfigWirelessBase. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected products

UTT · 1200GW

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/lin-3-start/lin-cve/blob/main/UTT%201200GW-1/UTT%201200GW-1.md https://vuldb.com/?ctiid.323204 https://vuldb.com/?id.323204 https://vuldb.com/?submit.636696