CVE-2025-10172 in 750W
Summary
by MITRE • 09/10/2025
A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing of the file /goform/formPictureUrl. Executing manipulation of the argument importpictureurl can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 09/10/2025
The vulnerability identified as CVE-2025-10172 represents a critical buffer overflow flaw in UTT 750W firmware versions up to 3.2.2-191225. This issue manifests within the web interface processing logic at the specific endpoint /goform/formPictureUrl which handles picture URL configuration. The vulnerability arises from inadequate input validation when processing the importpictureurl argument, creating an exploitable condition that allows attackers to manipulate memory layout through crafted malicious input. The affected device operates as a networked security appliance or surveillance system that processes user-supplied data through its web-based management interface, making it susceptible to remote exploitation without requiring physical access or authentication.
The technical implementation of this vulnerability follows CWE-121 CWE-122 and CWE-787 which classify it as a buffer overflow condition where insufficient bounds checking allows memory corruption. When an attacker sends a specially crafted request containing an excessively long importpictureurl parameter to the vulnerable endpoint, the application fails to properly validate the input length before copying it into a fixed-size buffer. This results in memory overwrite conditions that can potentially lead to arbitrary code execution, system instability, or complete device compromise. The remote exploitation capability means attackers can leverage this vulnerability from outside the network perimeter, making it particularly dangerous for devices deployed in untrusted network environments. The published exploit demonstrates that this vulnerability is not theoretical but actively being used in the wild, indicating a mature attack vector with real-world threat implications.
The operational impact of this vulnerability extends beyond simple device compromise to include potential data breaches, service disruption, and lateral movement within network environments. Organizations deploying UTT 750W devices may face unauthorized access to surveillance footage, configuration changes, or use of the device as a pivot point for attacking other networked systems. The lack of vendor response to early disclosure attempts creates additional risk as there are no official patches or mitigations available, leaving affected systems vulnerable to exploitation. This situation aligns with ATT&CK technique T1210 which covers exploitation of remote services, and T1071.004 which covers application layer protocol manipulation. The vulnerability affects network security infrastructure devices that may be used for monitoring and control purposes, potentially compromising security operations and incident response capabilities.
Mitigation strategies for this vulnerability should include immediate network segmentation and access control implementation to limit exposure of affected devices to untrusted networks. Network administrators should deploy intrusion detection systems with signatures targeting the specific vulnerable endpoint and parameter combinations. Device firmware should be updated immediately upon vendor release of patches, though current availability is limited due to the vendor's lack of response. Alternative mitigations include implementing web application firewalls with content filtering rules that restrict input length for the importpictureurl parameter and disabling unnecessary web management interfaces when not actively required. Organizations should conduct comprehensive network scans to identify all affected UTT 750W devices and implement monitoring procedures to detect potential exploitation attempts. The vulnerability highlights the importance of maintaining vendor communication channels and having contingency plans for situations where vendors fail to respond to security disclosures, as this represents a significant risk to operational security and network integrity.