A vulnerability has been found in UTT 1250GW up to v2v3.2.2-200710. Affected by this vulnerability is the function strcpy of the file /goform/aspChangeChannel. The manipulation of the argument pvid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
| Link | Resource |
|---|---|
| https://github.com/cymiao1978/cve/blob/main/10.md | Broken Link Exploit |
| https://github.com/cymiao1978/cve/blob/main/10.md#poc | Broken Link Exploit |
| https://vuldb.com/?ctiid.327240 | Permissions Required VDB Entry |
| https://vuldb.com/?id.327240 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.664921 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
| AND |
|
History
08 Jan 2026, 16:02
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Utt
Utt 1250gw Firmware Utt 1250gw |
|
| References | () https://github.com/cymiao1978/cve/blob/main/10.md - Broken Link, Exploit | |
| References | () https://github.com/cymiao1978/cve/blob/main/10.md#poc - Broken Link, Exploit | |
| References | () https://vuldb.com/?ctiid.327240 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.327240 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.664921 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:o:utt:1250gw_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:utt:1250gw:2.0:*:*:*:*:*:*:* |
07 Oct 2025, 07:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-10-07 07:15
Updated : 2026-01-08 16:02
NVD link : CVE-2025-11355
Mitre link : CVE-2025-11355
CVE.ORG link : CVE-2025-11355
JSON object : View
Products Affected
utt
- 1250gw
- 1250gw_firmware