CVE-2025-6098

EUVD-2025-18354

16.06.2025, 01:15

A vulnerability was found in UTT 进取 750W up to 5.0. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VulDB	CNA	9.8 CRITICAL				CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Base Score

CVSS 3.x

EPSS Score

Percentile: 41%

Affected Products (NVD)

Vendor	Product	Version
utt	750w_firmware	𝑥 ≤ 5.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://github.com/newym/cve/blob/main/utt1.md

https://github.com/newym/cve/blob/main/utt1.md#poc

https://vuldb.com/?ctiid.312567

https://vuldb.com/?id.312567

https://vuldb.com/?submit.589437