CVE-2025-6734

8.8 HIGH

📋 TL;DR

A buffer overflow in the API component of UTT HiPER 840G routers (CVSS 8.8, High) lets a remote attacker execute arbitrary code by sending a crafted request to the /goform/formP2PLimitConfig endpoint; the overflow is triggered through the endpoint's 'except' parameter. All firmware versions up to and including 3.1.1-190328 are affected, and successful exploitation gives the attacker full control of the device.

💻 Affected Systems

Products:
  • UTT HiPER 840G
Versions: All versions up to and including 3.1.1-190328
Operating Systems: Embedded router OS
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the API component's formP2PLimitConfig handler, reached at /goform/formP2PLimitConfig. No non-default configuration is needed to exploit it.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to persistent backdoor installation, network traffic interception, lateral movement to internal networks, and use as botnet node.

🟠

Likely Case

Remote code execution allowing attackers to modify device configuration, intercept traffic, or disrupt network services.

🟢

If Mitigated

Limited if the management interface and API are reachable only from a trusted management network. Anyone who can still reach the endpoint can at least crash the device (denial of service) even when code execution fails.

🌐 Internet-Facing: HIGH - Remotely exploitable, and public exploit code exists; an exposed management interface should be assumed to be under attack.
🏢 Internal Only: HIGH - The API endpoint is normally reachable from any LAN host, so a single compromised workstation is enough to exploit it.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Reported as yes (see note below)
Complexity: LOW

Proof-of-concept exploit code is publicly available on GitHub and the vulnerability is straightforward to trigger. The exploit is reported to need no authentication, but that does not match the 8.8 score: an unauthenticated network RCE with no user interaction rates 9.8 under CVSS 3.1, while 8.8 corresponds to low privileges (or user interaction) being required. Until the vector is confirmed, plan for the worst case and treat any network path to the API as sufficient access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None known

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: N/A (no patch to apply)

Instructions:

No official patch is available. Restrict access to the management interface and API (see the workarounds below) and plan to replace affected devices if the vendor does not release a fix.

🔧 Temporary Workarounds

Network Access Control

Block untrusted access to the router's management interface and API. The rules below belong on a Linux firewall or gateway in front of the router, not on the router itself; 192.168.1.1 (router) and 10.0.99.0/24 (management network) are placeholders, and 80/443/8080 are the management ports this page assumes.

iptables -A FORWARD -s 10.0.99.0/24 -d 192.168.1.1 -p tcp -m multiport --dports 80,443,8080 -j ACCEPT
iptables -A FORWARD -d 192.168.1.1 -p tcp -m multiport --dports 80,443,8080 -j DROP

API Endpoint Disable

If the firmware offers a setting to disable WAN/remote management or the P2P limit feature, turn it off. This page does not document such a setting, so confirm on the device.

🧯 If You Can't Patch

  • Isolate affected routers in separate network segments with strict firewall rules
  • Implement network monitoring for unusual API requests to /goform/formP2PLimitConfig

🔍 How to Verify

Check if Vulnerable:

Check the router firmware version via the web interface or CLI. If the version is 3.1.1-190328 or earlier, the device is vulnerable. Because no fixed release is known, a later build number does not by itself mean the flaw is fixed.

Check Version:

Open the web interface at http://[router-ip]/ or log in to the CLI over telnet/SSH and read the firmware version string.

Verify Fix Applied:

No official fix available to verify. Monitor for vendor updates and check version after any potential update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/formP2PLimitConfig
  • Unusually large request bodies sent to that endpoint
  • Device reboot or configuration changes without authorization

Network Indicators:

  • Unusual outbound connections from router
  • Traffic spikes from router to unknown destinations
  • 'except' parameter values that are very long or contain non-printable bytes (overflow padding or shellcode)

SIEM Query:

source="router" AND (url="/goform/formP2PLimitConfig" OR (method="POST" AND uri CONTAINS "formP2PLimitConfig"))

Field names are generic; map them to your SIEM's schema. Without the inner parentheses, AND binds before OR in most query languages and the query matches every POST that mentions the endpoint, plus every request to that URL, which is the intended set only by accident.

🔗 References
