CVE-2025-7116: Critical Buffer Overflow Vulnerability in UTT 进取 750W

Overview

CVE-2025-7116 is a critical vulnerability found in UTT 进取 750W, versions up to 3.2.2-191225, that could lead to potential system compromise or data leakage. This vulnerability, which is located in an unidentified part of the file /goform/Fast_wireless_conf, comes into play when the argument ssid is manipulated, leading to a buffer overflow. This vulnerability is of particular concern because it can be initiated remotely and the exploit has been disclosed publicly, increasing the risk of attack. Although the vendor was notified about this vulnerability, there has been no response, leaving systems still at risk.

Vulnerability Summary

CVE ID: CVE-2025-7116
Severity: Critical (CVSS 8.8)
Attack Vector: Remote
Privileges Required: None
User Interaction: None
Impact: Potential system compromise or data leakage

Affected Products

Product | Affected Versions

UTT 进取 750W | Up to 3.2.2-191225

How the Exploit Works

The exploit takes advantage of a buffer overflow vulnerability in the /goform/Fast_wireless_conf file of the UTT 进取 750W wireless system. The attacker manipulates the ssid argument, causing an overflow in the buffer, which could allow the execution of arbitrary code or cause the system to crash. The attack can be initiated remotely and does not require any user interaction.

Conceptual Example Code

Given the nature of the vulnerability, an exploit might look similar to this:

POST /goform/Fast_wireless_conf HTTP/1.1
Host: target.example.com
Content-Type: application/json
{ "ssid": "A"*5000 }

In the above conceptual example, we’re sending an extraordinarily long string of “A” characters (5000, in this case) as the ssid value. This extra-long string is designed to overflow the buffer, which can potentially lead to arbitrary code execution or a system crash.