CVE-2025-15428
Published: 02 January 2026
Summary
CVE-2025-15428 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 512W Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly validates the Profile argument in /goform/formRemoteControl to block oversized or malformed inputs that trigger the strcpy buffer overflow.
Implements memory protections such as stack canaries, ASLR, and DEP to prevent arbitrary code execution from the buffer overflow vulnerability.
Mandates timely identification, reporting, and patching of flaws like the unsafe strcpy function to remediate the buffer overflow before exploitation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public-facing web form (/goform/formRemoteControl) directly enables remote code execution via T1190 Exploit Public-Facing Application.
NVD Description
A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been…
more
made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-15428 is a buffer overflow vulnerability affecting the UTT 进取 512W firmware version 1.7.7-171114. The flaw exists in the strcpy function within the /goform/formRemoteControl file, where manipulation of the Profile argument triggers the overflow. This issue aligns with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).
The vulnerability enables remote exploitation with low attack complexity and no user interaction required. Exploitation demands low privileges (PR:L) from an authenticated user, potentially allowing attackers to achieve high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Advisories from VulDB and a GitHub repository detail the issue, including a proof-of-concept exploit. The vendor was contacted early for disclosure but provided no response, and no patches or specific mitigations are referenced.
A public exploit is available, increasing the risk of real-world attacks against unpatched devices.
Details
- CWE(s)