CVE-2025-11355 in 1250GW
Summary
by MITRE • 10/07/2025
A vulnerability has been found in UTT 1250GW up to v2v3.2.2-200710. Affected by this vulnerability is the function strcpy of the file /goform/aspChangeChannel. The manipulation of the argument pvid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
by VulDB Data Team • 10/07/2025
The vulnerability identified as CVE-2025-11355 affects the UTT 1250GW device firmware version v2v3.2.2-200710 and earlier, representing a critical buffer overflow flaw within the device's network management interface. This issue manifests specifically within the /goform/aspChangeChannel file where the strcpy function is improperly utilized, creating a scenario where user-supplied input can exceed the allocated buffer space. The vulnerability is particularly concerning as it allows for remote exploitation, meaning an attacker can initiate the attack without requiring physical access to the device, significantly expanding the potential attack surface.
The technical implementation of this flaw involves the manipulation of the pvid argument which serves as the primary vector for buffer overflow exploitation. When an attacker provides an excessively long string value for pvid through the affected web form interface, the strcpy function copies this data without proper bounds checking, causing adjacent memory to be overwritten. This type of vulnerability falls under CWE-121, which specifically addresses stack-based buffer overflow conditions, and also aligns with CWE-787, describing out-of-bounds write vulnerabilities. The absence of input validation and proper boundary checking creates a direct pathway for attackers to execute arbitrary code or cause denial of service conditions.
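The unbounded copy described above, next to a bounded alternative, as an added example. This is not code from the UTT firmware: the function names, the 16-byte buffer size and the treatment of pvid as a decimal number are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PVID_BUF_LEN 16  /* assumed size; the page does not state the real one */

/* Pattern the analysis describes, kept for contrast only: strcpy trusts the
 * request parameter and writes past dst once strlen(pvid) >= PVID_BUF_LEN. */
void copy_pvid_unsafe(char dst[PVID_BUF_LEN], const char *pvid)
{
    strcpy(dst, pvid);
}

/* Bounded replacement: accepts only a non-empty run of decimal digits that
 * fits in dst including the terminating NUL. Returns 0 on success, -1 on
 * rejection; dst is left untouched when the value is rejected. */
int copy_pvid_checked(char *dst, size_t dstsz, const char *pvid)
{
    size_t n = 0;

    if (dst == NULL || pvid == NULL || dstsz == 0)
        return -1;
    while (pvid[n] != '\0') {
        /* Stop before the value can outgrow dst, or on any non-digit. */
        if (n + 1 >= dstsz || !isdigit((unsigned char)pvid[n]))
            return -1;
        n++;
    }
    if (n == 0)
        return -1;
    memcpy(dst, pvid, n + 1);   /* n digits plus the NUL, always <= dstsz */
    return 0;
}

int main(void)
{
    /* Constructed sample values, not captured traffic. */
    const char *samples[] = { "100", "1234567890123456789012345", "12;x", "" };
    char buf[PVID_BUF_LEN];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = copy_pvid_checked(buf, sizeof buf, samples[i]);
        printf("%-28s -> %s\n", samples[i], rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Rejecting an oversized value outright, rather than silently truncating it, also gives the web interface a clear event to log.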
The operational impact of this vulnerability extends beyond simple exploitation as it represents a significant security risk for network infrastructure devices. Remote code execution capabilities could enable attackers to gain full administrative control over the UTT 1250GW device, potentially allowing them to modify network configurations, intercept traffic, or establish persistent access points within the network. The fact that this exploit has been publicly disclosed and is actively being used increases the urgency for remediation, as threat actors are already leveraging this weakness. Additionally, the vendor's lack of response to early disclosure attempts creates a dangerous gap in security coverage, leaving affected organizations without official patches or mitigation guidance.
Organizations utilizing affected UTT 1250GW devices should implement immediate network segmentation and access controls to limit exposure to this vulnerability. The recommended mitigation strategies include disabling unnecessary web management interfaces, implementing network access control lists to restrict access to the device's administrative ports, and monitoring for suspicious network traffic patterns that may indicate exploitation attempts. From an ATT&CK framework perspective, this vulnerability maps to techniques such as T1210 - Exploitation of Remote Services and T1059 - Command and Scripting Interpreter, as attackers could leverage the buffer overflow to execute arbitrary commands on the device. The lack of vendor response also highlights the importance of maintaining internal security monitoring capabilities and having contingency plans for unsupported vulnerable devices, particularly in critical infrastructure environments where device reliability and security are paramount.