CVE-2025-11652 – A buffer overflow vulnerability in UTT 进取 5... (How to Fix)

Q: What is the severity of CVE-2025-11652?

CVE-2025-11652 has a CVSS score of 8.8 (HIGH). A buffer overflow vulnerability in UTT 进取 518G routers allows remote attackers to execute arbitrary code by manipulating the txtMin2 parameter in the /goform/formTaskEdit_ap endpoint. This affects all versions up to V3v3.2.7-210919-161313. Organizations using these routers are at risk of complete system compromise.

📋 TL;DR

A buffer overflow vulnerability in UTT 进取 518G routers allows remote attackers to execute arbitrary code by manipulating the txtMin2 parameter in the /goform/formTaskEdit_ap endpoint. This affects all versions up to V3v3.2.7-210919-161313. Organizations using these routers are at risk of complete system compromise.

💻 Affected Systems

Products:

UTT 进取 518G router

Versions: All versions up to V3v3.2.7-210919-161313

Operating Systems: Embedded router OS

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerable endpoint /goform/formTaskEdit_ap appears to be accessible by default. No special configuration required for exploitation.

📦 What is this software?

518g Firmware by Utt

View all CVEs affecting 518g Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full router compromise, network infiltration, data exfiltration, and persistent backdoor installation.

🟠

Likely Case

Router takeover enabling man-in-the-middle attacks, credential theft, and network disruption.

🟢

If Mitigated

Limited impact if routers are behind firewalls with strict inbound filtering and network segmentation.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and public exploit code exists.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this if they have network access to the router.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public proof-of-concept exploit is available on GitHub. The vulnerability requires no authentication and has straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider replacing affected routers with supported alternatives.

🔧 Temporary Workarounds

Block vulnerable endpoint

linux

Use firewall rules to block access to /goform/formTaskEdit_ap endpoint

iptables -A INPUT -p tcp --dport 80 -m string --string "/goform/formTaskEdit_ap" --algo bm -j DROP
iptables -A INPUT -p tcp --dport 443 -m string --string "/goform/formTaskEdit_ap" --algo bm -j DROP

Network segmentation

all

Isolate affected routers in separate VLANs with strict access controls

🧯 If You Can't Patch

Replace affected routers with supported models from different vendors
Implement strict network segmentation and monitor all traffic to/from affected devices

🔍 How to Verify

Check if Vulnerable:

Check router web interface or CLI for firmware version. If version is V3v3.2.7-210919-161313 or earlier, device is vulnerable.

Check Version:

Check router web interface at System Status > Firmware Version or use SNMP query

Verify Fix Applied:

No official fix available. Workaround verification involves testing that /goform/formTaskEdit_ap endpoint is inaccessible.

📡 Detection & Monitoring

Log Indicators:

HTTP requests to /goform/formTaskEdit_ap with long txtMin2 parameter values
Unusual process creation or memory errors in router logs

Network Indicators:

HTTP POST requests to router IP with /goform/formTaskEdit_ap path
Unusual outbound connections from router

SIEM Query:

source="router_logs" AND (uri="/goform/formTaskEdit_ap" OR (http_method="POST" AND uri CONTAINS "formTaskEdit_ap"))

📊 Metadata

CVE ID: CVE-2025-11652

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-119

EPSS Score: 0.14% exploit probability (33.8th percentile)

Published: October 13, 2025

Last Updated: January 8, 2026

🔗 References

https://github.com/cymiao1978/cve/blob/main/14.md Exploit,Third Party Advisory
https://github.com/cymiao1978/cve/blob/main/14.md#poc Exploit,Third Party Advisory
https://vuldb.com/?ctiid.328069 Permissions Required,VDB Entry
https://vuldb.com/?id.328069 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.664926 Third Party Advisory,VDB Entry
https://github.com/cymiao1978/cve/blob/main/14.md Exploit,Third Party Advisory
https://github.com/cymiao1978/cve/blob/main/14.md#poc Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-11652, you might also want to check these: