CVE-2025-10170

8.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in UTT 1200GW devices allows remote attackers to execute arbitrary code or cause a denial of service by manipulating the loadBalanceNameOld parameter of the /goform/formApLbConfig endpoint. This affects all UTT 1200GW devices running firmware versions up to 3.0.0-170831. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • UTT 1200GW
Versions: All versions up to 3.0.0-170831
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices running affected firmware versions are vulnerable by default. The vulnerable endpoint /goform/formApLbConfig is accessible via web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, network infiltration, and persistent backdoor installation.

🟠 Likely Case

Remote code execution allowing attackers to gain control of the device, intercept network traffic, or pivot to internal networks.

🟢 If Mitigated

Denial of service causing device reboot or instability if exploit attempts are blocked.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and affects internet-facing network devices.
🏢 Internal Only: HIGH - Even internally, these devices are critical infrastructure that could be compromised.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub. The vulnerability requires no authentication and is straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: Yes

Instructions:

No official patch is available. Contact UTT vendor for firmware updates. If unavailable, implement workarounds immediately.

🔧 Temporary Workarounds

Network Access Control (linux)

Block external access to the UTT 1200GW web interface using firewall rules. As written these are INPUT rules for the host they run on; on an upstream Linux firewall use the FORWARD chain with -d <device-ip> instead. Allow the management subnet (placeholder 192.0.2.0/24 below) before the DROP rules so legitimate administration still works:

  # allow the management subnet first (placeholder range; adjust to your network)
  iptables -A INPUT -s 192.0.2.0/24 -p tcp --dport 80 -j ACCEPT
  iptables -A INPUT -s 192.0.2.0/24 -p tcp --dport 443 -j ACCEPT
  # drop everything else destined for the web interface
  iptables -A INPUT -p tcp --dport 80 -j DROP
  iptables -A INPUT -p tcp --dport 443 -j DROP

VLAN Segmentation (all)

Isolate UTT 1200GW devices on separate VLANs with strict access controls

🧯 If You Can't Patch

  • Replace affected devices with supported alternatives from different vendors
  • Implement strict network segmentation and monitor all traffic to/from UTT devices

🔍 How to Verify

Check if Vulnerable:

Check the firmware version via the web interface at http://device-ip/ or over SSH with: cat /etc/version

Check Version:

cat /etc/version 2>/dev/null || grep -i version /proc/cmdline

Verify Fix Applied:

Verify that the firmware version is later than 3.0.0-170831. Because no official fix has been published, a later version number alone does not confirm the issue is resolved; confirm with the vendor.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /goform/formApLbConfig
  • Unusual crash or buffer-overflow-related errors in system logs
  • Device reboot events

Network Indicators:

  • HTTP POST requests with long loadBalanceNameOld parameters
  • Traffic to /goform/formApLbConfig from unexpected sources

SIEM Query:

source="*UTT*" AND (url="/goform/formApLbConfig" OR "loadBalanceNameOld")
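As an added example (not part of this advisory), a small Python checker that applies the two network indicators above to proxy or WAF logs: it flags POSTs to /goform/formApLbConfig whose loadBalanceNameOld value exceeds a length threshold, and any request to that endpoint from a source outside an allow-list. The log format, the 64-byte threshold and the trusted management host are assumptions; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs

# The endpoint and parameter come from the advisory; the threshold and the
# trusted-host list are assumptions for this example.
ENDPOINT = "/goform/formApLbConfig"
PARAM = "loadBalanceNameOld"
MAX_NAME_LEN = 64                  # assumed; the real buffer size is not published here
TRUSTED_SOURCES = {"192.0.2.10"}   # assumed management host allowed to change config

# Assumed proxy/WAF log format that records the POST body:
#   <src-ip> "<METHOD> <path> HTTP/1.1" <status> body="<urlencoded body>"
LOG_RE = re.compile(
    r'^(?P<src>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
    r'body="(?P<body>[^"]*)"$'
)

def inspect_line(line):
    """Return a finding dict for a suspicious request to the endpoint, else None."""
    m = LOG_RE.match(line)
    if not m or m.group("path").split("?")[0] != ENDPOINT:
        return None
    src = m.group("src")
    reasons = []
    if src not in TRUSTED_SOURCES:
        reasons.append("unexpected source")
    if m.group("method") == "POST":
        values = parse_qs(m.group("body")).get(PARAM, [])
        longest = max((len(v) for v in values), default=0)
        if longest > MAX_NAME_LEN:
            reasons.append(f"{PARAM} length {longest} > {MAX_NAME_LEN}")
    return {"src": src, "reasons": reasons} if reasons else None

def scan(lines):
    """Run inspect_line over an iterable of log lines and collect the findings."""
    return [f for f in (inspect_line(l) for l in lines) if f]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 "GET /index.htm HTTP/1.1" 200 body=""',
    '192.0.2.10 "POST /goform/formApLbConfig HTTP/1.1" 200 body="loadBalanceNameOld=lb1&loadBalanceName=lb2"',
    '203.0.113.7 "POST /goform/formApLbConfig HTTP/1.1" 200 body="loadBalanceNameOld=' + "A" * 300 + '"',
    '203.0.113.7 "GET /goform/formApLbConfig HTTP/1.1" 404 body=""',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```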
