Vulnerability Description
A vulnerability was determined in UTT HiPER 2620G up to 3.1.4. Impacted is the function strcpy of the file /goform/fNTP. This manipulation of the argument NTPServerIP causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Utt | 2620G Firmware | <= 3.1.4 |
| Utt | 2620G | - |
Related Weaknesses (CWE)
References
- https://github.com/ashin9/CVE/issues/2ExploitIssue TrackingThird Party Advisory
- https://vuldb.com/?ctiid.328070Permissions RequiredVDB Entry
- https://vuldb.com/?id.328070Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.665712Third Party AdvisoryVDB Entry
- https://github.com/ashin9/CVE/issues/2ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2025-11653?
CVE-2025-11653 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability was determined in UTT HiPER 2620G up to 3.1.4. Impacted is the function strcpy of the file /goform/fNTP. This manipulation of the argument NTPServerIP causes buffer overflow. It is pos...
How severe is CVE-2025-11653?
CVE-2025-11653 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-11653?
Check the references section above for vendor advisories and patch information. Affected products include: Utt 2620G Firmware, Utt 2620G.