Cyber Posture

CVE-2025-70998

Critical · Public PoC

Published: 18 February 2026

Modified: 19 February 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0026 (48.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-70998 is a critical-severity Initialization of a Resource with an Insecure Default (CWE-1188) vulnerability in Utt 810 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Default Accounts (T1078.001). The CVE ranks at the 48.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and IA-5 (Authenticator Management).

Threat & Defense at a Glance

What attackers do: exploitation maps to Default Accounts (T1078.001) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

IA-5 Authenticator Management
prevent

Directly requires changing default authenticators prior to first use, eliminating the insecure default credentials exploited for root access.

CM-7 Least Functionality
prevent

Prohibits or restricts unnecessary services like telnet, preventing remote exploitation of the vulnerable service.

AC-17 Remote Access partial match
prevent

Establishes usage restrictions and authorization for remote access, enabling disablement or securing of telnet to block unauthenticated root access.

MITRE ATT&CK Enterprise Techniques · AI

T1078.001 Default Accounts Stealth
Adversaries may obtain and abuse credentials of a default account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.
T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious commands and payloads.

Why these techniques?

Insecure default credentials on an exposed telnet service enable T1078.001 (Default Accounts) for initial access, T1190 (Exploit Public-Facing Application) as a remotely exploitable service vulnerability, and T1059.008 (Network Device CLI) for arbitrary command execution with root privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.

Deeper analysis · AI

CVE-2025-70998 is a vulnerability in the UTT HiPER 810 / nv810v4 router firmware version v1.5.0-140603, stemming from insecure default credentials exposed via the telnet service. This flaw, classified under CWE-1188, enables a remote attacker to potentially gain root access by leveraging a crafted script. The issue carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility and high impact.

Any remote attacker can exploit this vulnerability without requiring authentication privileges, user interaction, or special conditions beyond network reachability. Exploitation allows full root-level compromise, providing high confidentiality, integrity, and availability impacts, such as executing arbitrary commands, modifying configurations, or disrupting router operations.

Details on the vulnerability, including a proof-of-concept exploit script, are documented in the GitHub repository at https://github.com/cha0yang1/UTT-nv810v4-telnet-backdoor. No vendor advisories or patch information are specified in the available references.

Details

CWE(s)

CWE-1188 Initialization of a Resource with an Insecure Default

Affected Products

utt · 810 firmware · 1.5.0-140603

CVEs Like This One

CVE-2026-1162 · Same product: Utt 810
CVE-2026-2118 · Same product: Utt 810
CVE-2026-2080 · Same product: Utt 810
CVE-2026-2135 · Same product: Utt 810
CVE-2025-14572 · Same vendor: Utt
CVE-2025-15459 · Same vendor: Utt
CVE-2025-10170 · Same vendor: Utt
CVE-2025-15428 · Same vendor: Utt
CVE-2025-14534 · Same vendor: Utt
CVE-2025-14141 · Same vendor: Utt

References