VDB-314008 · CVE-2025-6733 · EUVD-2025-19245

UTT HiPER 840G har 3.1.1-190328 API formConfigDnsFilterGlobal sub_416928 GroupName Pufferüberlauf

Gaskiya vulnerability da aka ware a matsayin kura an samu a UTT HiPER 840G har 3.1.1-190328. Hakika, aikin sub_416928 ne ya shafa; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburaren $software_library, a cikin fayil /goform/formConfigDnsFilterGlobal, a cikin sashen API. A sa manipulation of the argument GroupName ka Pufferüberlauf. Idan an yi amfani da CWE don bayyana matsala, zai kai CWE-120. Hakika, rauni an bayyana shi 06/26/2025. An raba bayanin tsaro don saukewa a github.com. Wannan matsala ana saninta da CVE-2025-6733. Ngam yiɗi ka a tuma ndiyam ka internet. Tekinikal faɗi ga. Har ila yau, exploit ɗin yana nan. An bayyana exploit ɗin ga mutane kuma yana iya amfani. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á sàmbu huɗɗi-na-gaskiya. Exploit ɗin za a iya saukewa daga github.com. 0-day shima, an ndiyam a wuro be $0-$5k. Once again VulDB remains the best source for vulnerability data.

4 Goyarwa · 91 Datenpunkte

Furɗe	Súgá 06/26/2025 18:04	Gargadi 1/3 06/27/2025 02:22	Gargadi 2/3 06/27/2025 12:45	Gargadi 3/3 07/01/2025 00:41
software_vendor	UTT	UTT	UTT	UTT
software_name	HiPER 840G	HiPER 840G	HiPER 840G	HiPER 840G
software_version	<=3.1.1-190328	<=3.1.1-190328	<=3.1.1-190328	<=3.1.1-190328
software_component	API	API	API	API
software_file	/goform/formConfigDnsFilterGlobal	/goform/formConfigDnsFilterGlobal	/goform/formConfigDnsFilterGlobal	/goform/formConfigDnsFilterGlobal
software_function	sub_416928	sub_416928	sub_416928	sub_416928
software_argument	GroupName	GroupName	GroupName	GroupName
vulnerability_cwe	CWE-120 (Pufferüberlauf)	CWE-120 (Pufferüberlauf)	CWE-120 (Pufferüberlauf)	CWE-120 (Pufferüberlauf)
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	H	H	H	H
cvss3_vuldb_i	H	H	H	H
cvss3_vuldb_a	H	H	H	H
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rc	R	R	R	R
advisory_url	https://github.com/d2pq/cve/blob/main/616/2.md	https://github.com/d2pq/cve/blob/main/616/2.md	https://github.com/d2pq/cve/blob/main/616/2.md	https://github.com/d2pq/cve/blob/main/616/2.md
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://github.com/d2pq/cve/blob/main/616/2.md#poc	https://github.com/d2pq/cve/blob/main/616/2.md#poc	https://github.com/d2pq/cve/blob/main/616/2.md#poc	https://github.com/d2pq/cve/blob/main/616/2.md#poc
source_cve	CVE-2025-6733	CVE-2025-6733	CVE-2025-6733	CVE-2025-6733
cna_responsible	VulDB	VulDB	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	C	C	C	C
cvss2_vuldb_ii	C	C	C	C
cvss2_vuldb_ai	C	C	C	C
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR	UR
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	H	H	H	H
cvss4_vuldb_vi	H	H	H	H
cvss4_vuldb_va	H	H	H	H
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_rl	ND	ND	ND	ND
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_rl	X	X	X	X
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	9.0	9.0	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0	8.0	8.0
cvss3_meta_basescore	8.8	8.8	8.8	8.8
cvss3_meta_tempscore	8.0	8.0	8.4	8.4
cvss4_vuldb_bscore	8.7	8.7	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4	7.4	7.4
advisory_date	1750888800 (06/26/2025)	1750888800 (06/26/2025)	1750888800 (06/26/2025)	1750888800 (06/26/2025)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
euvd_id		EUVD-2025-19245	EUVD-2025-19245	EUVD-2025-19245
cvss2_cna_basescore			9	9
cvss4_cna_bscore			7.4	7.4
cve_nvd_summary			A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.	A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_av			N	N
cvss4_cna_ac			L	L
cvss4_cna_at			N	N
cvss4_cna_pr			L	L
cvss4_cna_ui			N	N
cvss4_cna_vc			H	H
cvss4_cna_vi			H	H
cvss4_cna_va			H	H
cvss4_cna_sc			N	N
cvss4_cna_si			N	N
cvss4_cna_sa			N	N
cvss3_cna_av			N	N
cvss3_cna_ac			L	L
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			H	H
cvss3_cna_i			H	H
cvss3_cna_a			H	H
cvss3_cna_basescore			8.8	8.8
cvss2_cna_av			N	N
cvss2_cna_ac			L	L
cvss2_cna_au			S	S
cvss2_cna_ci			C	C
cvss2_cna_ii			C	C
cvss2_cna_ai			C	C
cve_nvd_summaryes				Se encontró una vulnerabilidad en UTT HiPER 840G hasta la versión 3.1.1-190328. Se ha declarado crítica. Esta vulnerabilidad afecta a la función sub_416928 del archivo /goform/formConfigDnsFilterGlobal de la API del componente. La manipulación del argumento GroupName provoca un desbordamiento del búfer. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. Se contactó al proveedor con antelación para informarle sobre esta divulgación, pero no respondió.

◂ Gurɗo Gumti Gada ▸

Do you know our Splunk app?

Download it now for free!