CVE-2025-10171 – A buffer overflow vulnerability in UTT 1250GW d... (How to Fix)

Q: What is the severity of CVE-2025-10171?

CVE-2025-10171 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in UTT 1250GW devices allows remote attackers to execute arbitrary code or cause denial of service. This affects all versions up to 3.2.2-200710. Remote exploitation is possible without authentication.

📋 TL;DR

A buffer overflow vulnerability in UTT 1250GW devices allows remote attackers to execute arbitrary code or cause denial of service. This affects all versions up to 3.2.2-200710. Remote exploitation is possible without authentication.

💻 Affected Systems

Products:

UTT 1250GW

Versions: Up to and including 3.2.2-200710

Operating Systems: Embedded firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations running affected firmware versions are vulnerable. The vulnerability is in the web management interface component.

📦 What is this software?

1250gw Firmware by Utt

View all CVEs affecting 1250gw Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, network infiltration, and persistent backdoor installation.

🟠

Likely Case

Remote code execution allowing attackers to gain control of the device, modify configurations, and pivot to internal networks.

🟢

If Mitigated

Denial of service if exploit fails or is blocked, potentially disrupting network connectivity.

🌐 Internet-Facing: HIGH - Remote exploitation possible, public exploit available, no authentication required.

🏢 Internal Only: HIGH - Even internally, vulnerable devices can be exploited to pivot through networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code is available on GitHub. Remote exploitation requires no authentication. The vulnerability is in formConfigApConfTemp endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: Yes

Instructions:

No official patch available. Consider upgrading to any firmware version beyond 3.2.2-200710 if available, or replace with alternative hardware.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate UTT 1250GW devices from internet and restrict access to management interface

Access Control Lists

all

Implement firewall rules to block external access to port 80/443 on affected devices

🧯 If You Can't Patch

Immediately disconnect vulnerable devices from internet-facing networks
Implement strict network segmentation and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check firmware version via web interface at http://device-ip/ or via SSH using version command

Check Version:

Check web interface or use vendor-specific CLI commands for version information

Verify Fix Applied:

Verify firmware version is above 3.2.2-200710. No official fix exists, so verification requires vendor confirmation.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/formConfigApConfTemp
Buffer overflow errors in system logs
Unexpected device reboots

Network Indicators:

Exploit traffic patterns to vulnerable endpoint
Unusual outbound connections from device

SIEM Query:

source_ip=* AND dest_ip=UTT_device AND uri_path="/goform/formConfigApConfTemp" AND http_method=POST

📊 Metadata

CVE ID: CVE-2025-10171

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.19% exploit probability (40.1th percentile)

Published: September 9, 2025

Last Updated: January 8, 2026

🔗 References

https://github.com/Aur0r3-zy/cve/blob/main/CVE.md Exploit,Third Party Advisory
https://vuldb.com/?ctiid.323206 Permissions Required,VDB Entry
https://vuldb.com/?id.323206 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.636789 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10171, you might also want to check these: