CVE-2025-10170
Published: 09 September 2025
Summary
CVE-2025-10170 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 1200Gw Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 49.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Validates the loadBalanceNameOld argument in /goform/formApLbConfig to prevent buffer overflow from malicious input manipulation.
Implements memory protections like stack canaries or ASLR to block unauthorized code execution from the buffer overflow in sub_4B48F8.
Requires timely remediation of the buffer overflow flaw in UTT 1200GW firmware up to 3.0.0-170831 to eliminate exploitability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public web form (/goform/formApLbConfig) enables remote exploitation of a network device for RCE.
NVD Description
A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Such manipulation of the argument loadBalanceNameOld leads to buffer overflow. The attack may be launched remotely. The exploit has…
more
been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-10170 is a buffer overflow vulnerability affecting UTT 1200GW devices running firmware versions up to 3.0.0-170831. The issue resides in the sub_4B48F8 function within the /goform/formApLbConfig file, where manipulation of the loadBalanceNameOld argument triggers the overflow. Classified under CWE-119 and CWE-120, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact.
The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring network access and low complexity with no user interaction needed. Successful exploitation allows the attacker to achieve high levels of confidentiality, integrity, and availability impacts, potentially enabling arbitrary code execution, data compromise, or denial of service on the affected device.
Advisories from sources like VulDB and a related GitHub repository detail the vulnerability and include a publicly disclosed exploit. The vendor was notified early but has not responded or issued any patches or mitigations as of the latest information.
Notable context includes the public availability of the exploit, which may facilitate active use against unpatched UTT 1200GW devices.
Details
- CWE(s)