CVE-2025-14139

UTT 进取 520W formConfigDnsFilterGlobal strcpy buffer overflow

CVSS 6.9 MEDIUMEPSS 1.0%CWE-119 CWE-120

In short

A buffer overflow vulnerability exists in UTT 进取 520W's DNS filter configuration function. An attacker can send specially crafted input to crash the device or potentially execute unauthorized code.

Technical detail

The vulnerability is a classic buffer overflow in the strcpy function within the /goform/formConfigDnsFilterGlobal endpoint, triggered via the timeRangeName parameter. An unauthenticated attacker can exploit this via network access to the affected device to cause denial of service or potential code execution; the vulnerability has been publicly disclosed.

Summary generated and translated by AI from the official description.

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Impacted is the function strcpy of the file /goform/formConfigDnsFilterGlobal. Such manipulation of the argument timeRangeName leads to buffer overflow. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

Affected products

UTT · 进取 520W

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cymiao1978/cve/blob/main/new/11.md https://github.com/cymiao1978/cve/blob/main/new/11.md#poc https://vuldb.com/?ctiid.334527 https://vuldb.com/?id.334527 https://vuldb.com/?submit.698520