CVE-2025-10756
Published: 20 September 2025
Summary
CVE-2025-10756 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 840G Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 41.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents buffer overflow by enforcing validation of the manipulated tempName argument in the /goform/getOneApConfTempEntry endpoint.
Requires timely identification, prioritization, and remediation of the buffer overflow flaw, including firmware patching when available despite vendor non-response.
Implements memory protections such as ASLR and non-executable memory to mitigate arbitrary code execution from successful buffer overflows.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing router web form (/goform endpoint) directly enables remote exploitation of a network device for arbitrary code execution.
NVD Description
A security flaw has been discovered in UTT HiPER 840G up to 3.1.1-190328. Impacted is an unknown function of the file /goform/getOneApConfTempEntry. The manipulation of the argument tempName results in buffer overflow. It is possible to launch the attack remotely.…
more
The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-10756 is a buffer overflow vulnerability (CWE-119, CWE-120) in the UTT HiPER 840G router firmware versions up to 3.1.1-190328. The flaw affects an unknown function in the /goform/getOneApConfTempEntry file, where manipulation of the tempName argument triggers the overflow. It carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-09-20.
Attackers with low privileges (PR:L) can exploit the vulnerability remotely over the network with low attack complexity and no user interaction. Successful exploitation results in high impacts to confidentiality, integrity, and availability, potentially enabling arbitrary code execution or system compromise.
VulDB advisories (ctiid.325111, id.325111) and a GitHub repository detail the issue, including a proof-of-concept exploit. The vendor was contacted early about the disclosure but did not respond, and no patches or mitigations are available.
The exploit has been publicly released, increasing the likelihood of active exploitation.
Details
- CWE(s)