CVE-2025-14572

8.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code or cause denial of service through memory corruption in UTT 进取 512W devices. Attackers can exploit this by manipulating the hidcontact parameter in the /goform/formWebAuthGlobalConfig endpoint. All users of affected UTT 进取 512W devices up to version 1.7.7-171114 are vulnerable.

💻 Affected Systems

Products:
  • UTT 进取 512W
Versions: Up to and including 1.7.7-171114
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with the vulnerable firmware version are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, data theft, and potential lateral movement within the network.

🟠 Likely Case

Remote code execution allowing attackers to install malware, create backdoors, or disrupt device functionality.

🟢 If Mitigated

Denial of service or device instability if exploitation attempts are partially blocked.

🌐 Internet-Facing: HIGH - Remote exploitation is possible and a public exploit exists.
🏢 Internal Only: HIGH - Even internally accessible devices are vulnerable to network-based attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly available on GitHub, making weaponization likely. No authentication required for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Vendor did not respond to disclosure. Consider workarounds or replacement.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from internet and restrict network access to trusted sources only.

Web Interface Disable

all

Disable the web management interface if not required for operation.

🧯 If You Can't Patch

  • Replace affected devices with updated or alternative hardware
  • Implement strict network access controls and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the web interface or CLI. If the version is 1.7.7-171114 or earlier, the device is vulnerable.

Check Version:

Check via web interface at device IP or use manufacturer-specific CLI commands if available.

Verify Fix Applied:

No official fix available to verify. Monitor vendor for updates.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /goform/formWebAuthGlobalConfig with manipulated parameters
  • Memory error logs or device crashes

Network Indicators:

  • HTTP POST requests to /goform/formWebAuthGlobalConfig with suspicious hidcontact parameter values

SIEM Query:

http.url:*formWebAuthGlobalConfig* AND http.method:POST AND http.param.hidcontact:*
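
The SIEM query above matches every POST that carries hidcontact, including legitimate admin changes. The following added example (not vendor or advisory code) triages such events by source network and value shape; the event field names, the 64-character threshold, the management subnet and the sample records are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/goform/formWebAuthGlobalConfig"  # path named in the advisory
PARAM = "hidcontact"                          # parameter named in the advisory
MAX_LEN = 64  # assumption: longest value an admin would legitimately submit
TRUSTED_NETS = [ip_network("10.20.0.0/24")]   # assumption: management subnet

def classify(event):
    """Return None if the event is irrelevant, else a finding dict."""
    if event["method"].upper() != "POST":
        return None
    if urlsplit(event["url"]).path.rstrip("/") != ENDPOINT:
        return None
    fields = parse_qs(event.get("body", ""), keep_blank_values=True)
    if PARAM not in fields:
        return None
    value = fields[PARAM][0]
    reasons = []
    if not any(ip_address(event["src"]) in net for net in TRUSTED_NETS):
        reasons.append("untrusted-source")
    if len(value) > MAX_LEN:
        reasons.append("oversized-value")
    if any(ord(ch) < 32 for ch in value):
        reasons.append("control-chars")
    return {"src": event["src"], "length": len(value),
            "severity": "high" if reasons else "info", "reasons": reasons}

def scan(events):
    """Classify every event and keep only the findings."""
    return [hit for hit in map(classify, events) if hit is not None]

URL = "http://192.0.2.1" + ENDPOINT  # constructed device address (TEST-NET-1)
SAMPLE_EVENTS = [  # constructed records, shaped like proxy/IDS HTTP logs
    {"src": "10.20.0.15", "method": "POST", "url": URL,
     "body": "hidcontact=helpdesk%40example.com"},
    {"src": "203.0.113.7", "method": "POST", "url": URL,
     "body": "hidcontact=" + "A" * 400},
    {"src": "10.20.0.15", "method": "POST", "url": URL, "body": "enabled=1"},
    {"src": "10.20.0.15", "method": "GET",
     "url": "http://192.0.2.1/index.asp", "body": ""},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

This only works where request bodies are logged (proxy, WAF or IDS with HTTP body capture); plain access logs do not record POST parameters.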
