Cyber Resilience

CVE-2025-70998

Critical · Public PoC

Published: 18 February 2026

Modified: 19 February 2026
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0042 (33.9th percentile)
Risk Priority: 70 (floored blend · peak EPSS)

Summary

CVE-2025-70998 is a critical-severity Initialization of a Resource with an Insecure Default (CWE-1188) vulnerability in Utt 810 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks at the 33.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2025-70998 is a vulnerability in the UTT HiPER 810 / nv810v4 router firmware version v1.5.0-140603, stemming from insecure default credentials exposed via the telnet service. This flaw, classified under CWE-1188, enables a remote attacker to potentially gain root access by leveraging a crafted script. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impact.

Any remote attacker can exploit this vulnerability without requiring authentication privileges, user interaction, or special conditions beyond network reachability. Exploitation allows full root-level compromise, providing high confidentiality, integrity, and availability impacts, such as executing arbitrary commands, modifying configurations, or disrupting router operations.

Details on the vulnerability, including a proof-of-concept exploit script, are documented in the GitHub repository at https://github.com/cha0yang1/UTT-nv810v4-telnet-backdoor. No vendor advisories or patch information are specified in the available references.

Vulnerability details

UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.
Why these techniques?

Insecure default credentials on exposed telnet service enable T1078.001 (Default Accounts) for initial access, T1190 (Exploit Public-Facing Application) as a remotely exploitable service vulnerability, and T1059.008 (Network Device CLI) for arbitrary command execution with root privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-1162 · Same product: Utt 810
CVE-2026-2080 · Same product: Utt 810
CVE-2026-2118 · Same product: Utt 810
CVE-2026-2135 · Same product: Utt 810
CVE-2025-14572 · Same vendor: Utt
CVE-2025-15462 · Same vendor: Utt
CVE-2026-0836 · Same vendor: Utt
CVE-2025-15090 · Same vendor: Utt
CVE-2025-10169 · Same vendor: Utt
CVE-2026-2066 · Same vendor: Utt

Affected Assets

utt · 810 firmware · 1.5.0-140603

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires changing default authenticators prior to first use, eliminating the insecure default credentials exploited for root access.

prevent

Prohibits or restricts unnecessary services like telnet, preventing remote exploitation of the vulnerable service.

AC-17 Remote Access partial match
prevent

Establishes usage restrictions and authorization for remote access, enabling disablement or securing of telnet to block unauthenticated root access.

References