CVE-2025-10169 in 1200GW
Summary
by MITRE • 09/10/2025
A weakness has been identified in UTT 1200GW up to 3.0.0-170831. Affected by this issue is some unknown functionality of the file /goform/ConfigWirelessBase. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 09/10/2025
The vulnerability CVE-2025-10169 represents a critical buffer overflow flaw in the UTT 1200GW wireless access point firmware version 3.0.0-170831 and earlier. This issue resides within the /goform/ConfigWirelessBase file which handles wireless configuration parameters, specifically the ssid argument that controls the wireless network name. The buffer overflow occurs when an attacker manipulates the ssid parameter through a remote HTTP request, allowing arbitrary code execution and complete system compromise. This vulnerability falls under CWE-121 which describes stack-based buffer overflow conditions where insufficient bounds checking allows attackers to overwrite adjacent memory locations. The attack vector is remotely exploitable through the web interface, making it particularly dangerous as no physical access or local network presence is required for exploitation.
The operational impact of this vulnerability extends beyond simple system compromise to encompass full network infiltration capabilities. An attacker could leverage this buffer overflow to execute arbitrary commands on the affected device, potentially gaining root access to the wireless access point's operating system. This would enable malicious actors to modify wireless configurations, redirect traffic, establish backdoors, or use the compromised device as a pivot point for attacking other systems within the network. The public availability of exploit code significantly amplifies the risk, as demonstrated by the vendor's lack of response to early disclosure attempts. This delay in vendor communication creates a window of opportunity for threat actors to develop and deploy malicious payloads against unpatched systems, with potential for widespread impact across organizations utilizing this specific hardware model.
Mitigation strategies for CVE-2025-10169 should prioritize immediate firmware updates from the vendor if available, though the lack of vendor response suggests this may not be forthcoming. Network segmentation and firewall rules should be implemented to restrict access to the wireless access point's web interface, particularly limiting administrative access to trusted networks only. The principle of least privilege should be enforced by disabling unnecessary services and reducing the attack surface through proper configuration management. Security monitoring should include detection of unusual network traffic patterns and unauthorized configuration changes to the wireless access point. Organizations should also implement network intrusion detection systems capable of identifying exploitation attempts targeting the specific endpoint /goform/ConfigWirelessBase. According to ATT&CK framework, this vulnerability maps to T1059.007 for command and scripting interpreter and T1068 for exploit for privilege escalation, making it a critical target for defensive security measures. Regular vulnerability assessments and penetration testing should be conducted to identify similar flaws in other network infrastructure components, ensuring comprehensive protection against similar remote code execution vulnerabilities.