CVE-2025-11651 – This is a remote buffer overflow vulnerability ... (How to Fix)

Q: What is the severity of CVE-2025-11651?

CVE-2025-11651 has a CVSS score of 8.8 (HIGH). This is a remote buffer overflow vulnerability in UTT 进取 518G routers that allows attackers to execute arbitrary code by manipulating the Profile parameter. The vulnerability affects all versions up to V3v3.2.7-210919-161313 and can be exploited without authentication.

📋 TL;DR

This is a remote buffer overflow vulnerability in UTT 进取 518G routers that allows attackers to execute arbitrary code by manipulating the Profile parameter. The vulnerability affects all versions up to V3v3.2.7-210919-161313 and can be exploited without authentication.

💻 Affected Systems

Products:

UTT 进取 518G

Versions: All versions up to V3v3.2.7-210919-161313

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the /goform/formRemoteControl endpoint which appears to be enabled by default.

📦 What is this software?

518g Firmware by Utt

View all CVEs affecting 518g Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, router takeover, lateral movement to internal networks, and persistent backdoor installation.

🟠

Likely Case

Router compromise allowing traffic interception, network disruption, credential theft, and use as attack platform against internal systems.

🟢

If Mitigated

Limited impact if isolated in separate VLAN with strict firewall rules and no internet exposure.

🌐 Internet-Facing: HIGH - Remote exploitation without authentication makes internet-facing devices immediate targets.

🏢 Internal Only: MEDIUM - Internal devices still vulnerable to network-based attacks from compromised internal hosts.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept available on GitHub, remote exploitation without authentication, buffer overflow with known offset.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: Yes

Instructions:

No official patch available. Consider replacing affected devices or implementing strict network controls.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected routers in separate VLAN with strict firewall rules

Access Control

linux

Block external access to router management interface

iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

Replace affected routers with supported models from different vendors
Implement strict network monitoring and IDS/IPS rules to detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface or SSH: version should be V3v3.2.7-210919-161313 or earlier

Check Version:

Check web interface at http://router-ip/ or via SSH if enabled

Verify Fix Applied:

No official fix available. Verify workarounds by testing network isolation and access controls.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to /goform/formRemoteControl
Large Profile parameter values in HTTP logs
Router reboot or crash logs

Network Indicators:

HTTP requests with oversized Profile parameters
Traffic patterns suggesting router compromise
Unexpected outbound connections from router

SIEM Query:

http.url:*formRemoteControl* AND http.method:POST AND http.param.Profile.size>1000

📊 Metadata

CVE ID: CVE-2025-11651

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.14% exploit probability (33.8th percentile)

Published: October 13, 2025

Last Updated: January 8, 2026

🔗 References

https://github.com/cymiao1978/cve/blob/main/13.md Exploit,Third Party Advisory
https://github.com/cymiao1978/cve/blob/main/13.md#poc Exploit,Third Party Advisory
https://vuldb.com/?ctiid.328068 Permissions Required,VDB Entry
https://vuldb.com/?id.328068 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.664925 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11651, you might also want to check these: