← Back
2025-12-25 23:2CVE-2025-15090VulDB
PUBLISHED5.2CWE-120CWE-119

UTT 进取 512W formConfigNoticeConfig strcpy buffer overflow

A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.

Problem type

Affected products

UTT

进取 512W

1.7.7-171114 - AFFECTED

References

VDB-338419 | UTT 进取 512W formConfigNoticeConfig strcpy buffer overflow

https://vuldb.com/?id.338419

vdb-entrytechnical-description
VDB-338419 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/?ctiid.338419

signaturepermissions-required
Submit #708349 | UTT 进取 512W v3v1.7.7-171114 Buffer Overflow

https://vuldb.com/?submit.708349

third-party-advisory
github.com

https://github.com/cymiao1978/cve/blob/main/new/15.md

related
github.com

https://github.com/cymiao1978/cve/blob/main/new/15.md#poc

exploit

GitHub Security Advisories

GHSA-4v76-jcg6-9p6m

A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the...

https://github.com/advisories/GHSA-4v76-jcg6-9p6m

A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2025-15090

github.com

https://github.com/cymiao1978/cve/blob/main/new/15.md

github.com

https://github.com/cymiao1978/cve/blob/main/new/15.md#poc

vuldb.com

https://vuldb.com/?ctiid.338419

vuldb.com

https://vuldb.com/?id.338419

vuldb.com

https://vuldb.com/?submit.708349

github.com

https://github.com/advisories/GHSA-4v76-jcg6-9p6m

JSON source

https://cveawg.mitre.org/api/cve/CVE-2025-15090
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2025-15090",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2025-12-25T23:02:05.854Z",
    "dateReserved": "2025-12-25T12:42:28.119Z",
    "datePublished": "2025-12-25T23:02:05.854Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2025-12-25T23:02:05.854Z"
      },
      "title": "UTT 进取 512W formConfigNoticeConfig strcpy buffer overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used."
        }
      ],
      "affected": [
        {
          "vendor": "UTT",
          "product": "进取 512W",
          "versions": [
            {
              "version": "1.7.7-171114",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Buffer Overflow",
              "cweId": "CWE-120",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.338419",
          "name": "VDB-338419 | UTT 进取 512W formConfigNoticeConfig strcpy buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.338419",
          "name": "VDB-338419 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.708349",
          "name": "Submit #708349 | UTT 进取 512W v3v1.7.7-171114 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/cymiao1978/cve/blob/main/new/15.md",
          "tags": [
            "related"
          ]
        },
        {
          "url": "https://github.com/cymiao1978/cve/blob/main/new/15.md#poc",
          "tags": [
            "exploit"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2025-12-25T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2025-12-25T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2025-12-25T13:47:40.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "cymiao (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}