CVE-2025-10171 in 1250GW

Summary

by MITRE • 09/10/2025

A vulnerability was detected in UTT 1250GW up to 3.2.2-200710. This vulnerability affects the function sub_453DC of the file /goform/formConfigApConfTemp. Performing manipulation results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.


Analysis

by VulDB Data Team • 09/10/2025

The vulnerability identified as CVE-2025-10171 represents a critical buffer overflow condition within the UTT 1250GW firmware version 3.2.2-200710 and earlier releases. This flaw manifests specifically within the sub_453DC function located in the /goform/formConfigApConfTemp file, which serves as a critical component in the device's configuration handling mechanisms. The buffer overflow vulnerability arises from insufficient input validation and memory management practices within the affected software module, creating an exploitable condition that allows attackers to manipulate memory structures beyond their intended boundaries. The vulnerability's classification aligns with CWE-121, which describes stack-based buffer overflow conditions, and CWE-122, which addresses heap-based buffer overflow scenarios, indicating the potential for both stack and heap memory corruption during exploitation attempts. The attack surface is particularly concerning as it enables remote exploitation without requiring physical access or authentication credentials, making the device susceptible to widespread compromise across networked environments.

The operational impact of this vulnerability extends significantly beyond simple denial-of-service conditions, as successful exploitation could enable attackers to execute arbitrary code within the device's operational context. The remote exploitation capability means that adversaries can target vulnerable UTT 1250GW devices from external networks, potentially gaining unauthorized administrative access to the wireless access point configuration interfaces. This access could allow attackers to modify network settings, establish persistent backdoors, or redirect network traffic through malicious configuration changes. The vulnerability's exploitation requires manipulation of input parameters sent to the affected function, which likely occurs through the web-based administration interface or API endpoints that utilize the vulnerable formConfigApConfTemp functionality. The lack of vendor response to early disclosure attempts further compounds the security risk, as organizations may continue to operate vulnerable devices without adequate remediation guidance or patches.

The public availability of exploitation tools for this vulnerability significantly raises the threat, as it removes the barrier to entry for potential attackers who may not possess advanced exploitation capabilities. This scenario aligns with ATT&CK technique T1210, Exploitation of Remote Services, and T1059, Command and Scripting Interpreter, which covers the use of command and script interpreters to execute malicious code. Organizations utilizing UTT 1250GW devices should immediately implement network segmentation and access controls to limit exposure to this vulnerability. The recommended mitigations include immediate firmware updates when available, disabling unnecessary network services, implementing network monitoring to detect anomalous traffic patterns, and establishing robust patch management procedures. Additionally, network administrators should consider implementing intrusion detection systems that can identify exploitation attempts targeting the specific vulnerable function and file path mentioned in the CVE description. The absence of vendor response creates a particularly challenging security environment where organizations must rely on community-driven research and third-party security advisories to understand and address the vulnerability effectively.
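One way to act on the intrusion-detection recommendation above, as an added example that is not VulDB's or the vendor's code: a filter over constructed proxy log lines that flags requests to the path named in the CVE when they come from outside the management network or carry an unusually large body. The log format, the management subnet and the size threshold are assumptions; the page does not state which parameter overflows or at what length.

```python
import ipaddress

VULN_PATH = "/goform/formConfigApConfTemp"          # path from the CVE text
MGMT_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # assumed admin subnet
MAX_BODY = 512  # assumed ceiling for a legitimate form post; tune per site

# Constructed sample: "<time> <src> <method> <uri> <request-body-bytes>"
SAMPLE_LOG = """\
2025-09-10T08:01:12Z 192.0.2.5 POST /goform/formConfigApConfTemp 184
2025-09-10T08:03:40Z 192.0.2.5 GET /index.asp 0
2025-09-10T09:15:02Z 198.51.100.23 POST /goform/formConfigApConfTemp 190
2025-09-10T09:15:09Z 192.0.2.7 POST /goform/formConfigApConfTemp?x=1 4096
2025-09-10T09:16:00Z 203.0.113.9 POST /GoForm/formConfigApConfTemp 8200
malformed line
"""

def parse(line):
    """Return (time, src_ip, path, body_bytes) or None for unusable lines."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    try:
        src = ipaddress.ip_address(parts[1])
    except ValueError:
        return None
    return parts[0], src, parts[3].split("?", 1)[0], int(parts[4])

def findings(log_text):
    """List (time, src, reasons) for suspicious hits on the vulnerable path."""
    out = []
    for line in log_text.splitlines():
        rec = parse(line)
        # Compare case-insensitively so a case variant of the path is not missed.
        if rec is None or rec[2].lower() != VULN_PATH.lower():
            continue
        ts, src, _, size = rec
        reasons = []
        if not any(src in net for net in MGMT_NETS):
            reasons.append("source outside management network")
        if size > MAX_BODY:
            reasons.append("oversized request body")
        if reasons:
            out.append((ts, str(src), reasons))
    return out

if __name__ == "__main__":
    for ts, src, reasons in findings(SAMPLE_LOG):
        print(ts, src, "; ".join(reasons))
```

Because the vendor has published no fix, the same two conditions can also be enforced as block rules on a filtering proxy in front of the device rather than only alerted on.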

Responsible: VulDB
Disclosure: 09/10/2025
Moderation: accepted
CPE: ready
Exploit: Download
EPSS: 0.00396
KEV: no
Activities: very low
