CVE-2025-14572
UTT 进取 512W formWebAuthGlobalConfig memory corruption
In short
A flaw in UTT 进取 512W devices lets an attacker corrupt memory by manipulating a parameter in the web authentication settings. The attack works over the network, without direct access to the device, and can cause crashes or potentially enable unauthorized access.
Technical detail
A CWE-119 buffer overflow in the /goform/formWebAuthGlobalConfig endpoint affects UTT 进取 512W up to version 1.7.7-171114. A remote attacker can send crafted input via the 'hidcontact' parameter to trigger an out-of-bounds memory write, resulting in denial of service or potential code execution, depending on memory layout and protections.
Summary generated and translated by AI from the official description.
A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This affects an unknown part of the file /goform/formWebAuthGlobalConfig. Performing manipulation of the argument hidcontact results in memory corruption. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
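A defensive check for the endpoint and parameter named above, as an added example that is not part of the advisory or of any vendor code: it parses captured HTTP requests and flags 'hidcontact' values that are oversized or contain non-printable bytes. The 64-byte ceiling, the 'enabled' field and the sample requests are assumptions constructed for illustration; the advisory states no buffer size.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

ENDPOINT = "/goform/formWebAuthGlobalConfig"  # endpoint named in the advisory
PARAM = "hidcontact"                          # parameter named in the advisory
MAX_LEN = 64  # ASSUMPTION: local policy ceiling; the advisory states no buffer size


def inspect_request(raw: bytes, max_len: int = MAX_LEN):
    """Return a finding dict for a suspicious request to ENDPOINT, else None."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return None  # not a parseable request line
    method, target = parts[0], parts[1]
    url = urlsplit(target)
    if unquote(url.path) != ENDPOINT:
        return None
    # The field can arrive in the query string or in a form-encoded body.
    # latin-1 keeps one character per decoded byte, so len() counts bytes.
    fields = parse_qsl(url.query, keep_blank_values=True, encoding="latin-1")
    fields += parse_qsl(body.decode("latin-1"), keep_blank_values=True,
                        encoding="latin-1")
    for name, value in fields:
        if name != PARAM:
            continue
        reasons = []
        if len(value) > max_len:
            reasons.append("oversized")
        if any(not 0x20 <= ord(ch) <= 0x7E for ch in value):
            reasons.append("non-printable")
        if reasons:
            return {"method": method, "length": len(value), "reasons": reasons}
    return None


# Constructed sample requests (not captured traffic).
SAMPLES = [
    b"POST /goform/formWebAuthGlobalConfig HTTP/1.1\r\nHost: gw\r\n\r\n"
    b"enabled=1&hidcontact=helpdesk%40example.org",
    b"POST /goform/formWebAuthGlobalConfig HTTP/1.1\r\nHost: gw\r\n\r\n"
    b"enabled=1&hidcontact=" + b"A" * 300,
    b"GET /goform/formWebAuthGlobalConfig?hidcontact=%00%ff HTTP/1.1\r\n\r\n",
    b"POST /goform/other HTTP/1.1\r\nHost: gw\r\n\r\nhidcontact=" + b"A" * 300,
]

if __name__ == "__main__":
    for index, request in enumerate(SAMPLES):
        print(index, inspect_request(request))
```

Since the vendor did not respond to the disclosure, a check like this belongs in front of the management interface (reverse proxy or IDS rule), alongside restricting who can reach it.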
Affected products
UTT · 进取 512W