CVE-2025-15090

A vulnerability was found in UTT  512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/cymiao1978/cve/blob/main/new/15.md
https://github.com/cymiao1978/cve/blob/main/new/15.md#poc
https://vuldb.com/?ctiid.338419
https://vuldb.com/?id.338419
https://vuldb.com/?submit.708349