CVE-2025-10953

UTT 1200GW/1250GW formApMail buffer overflow

CVSS 8.7 HIGHEPSS 4.4%CWE-119 CWE-120

In short

A buffer overflow vulnerability exists in UTT 1200GW and 1250GW routers when processing the senderEmail parameter in the /goform/formApMail function. An attacker can remotely exploit this to crash the device or potentially execute arbitrary code.

Technical detail

CWE-119/120 buffer overflow in the formApMail endpoint allows remote attackers to overflow the senderEmail parameter without authentication, leading to memory corruption and potential code execution on vulnerable UTT gateway models up to version 3.2.2-200710.

Summary generated and translated by AI from the official description.

A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument senderEmail leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected products

UTT · 1200GW UTT · 1250GW

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/cymiao1978/cve/blob/main/8.md https://github.com/cymiao1978/cve/blob/main/9.md https://vuldb.com/?ctiid.325824 https://vuldb.com/?id.325824 https://vuldb.com/?submit.652687 https://vuldb.com/?submit.652688