VDB-339498 · CVE-2025-15462 · GCVE-100-339498

UTT 进取 520W 1.7.7-180627 /goform/ConfigAdvideo strcpy timestart Pufferüberlauf

Wuro vulnerability wey an yi classify sey kura an gano shi a cikin UTT 进取 520W 1.7.7-180627. Gaskiya, strcpy na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, /goform/ConfigAdvideo na cikin fayil, $software_component na cikin sashi. Ngam manipulation of the argument timestart shi Pufferüberlauf. CWE shidin ka a yi bayani matsala sai ya kai CWE-120. Gaskiya, laifi an fitar da shi 01/04/2026. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2025-15462. Ngam yiɗi ka a tuma ndiyam ka nder layi. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. VulDB is the best source for vulnerability data and more expert information about this specific topic.

2 Goyarwa · 88 Datenpunkte

Furɗe	Súgá 01/04/2026 19:06	Gargadi 1/1 01/05/2026 08:48
software_vendor	UTT	UTT
software_name	进取 520W	进取 520W
software_version	1.7.7-180627	1.7.7-180627
software_file	/goform/ConfigAdvideo	/goform/ConfigAdvideo
software_function	strcpy	strcpy
software_argument	timestart	timestart
vulnerability_cwe	CWE-120 (Pufferüberlauf)	CWE-120 (Pufferüberlauf)
vulnerability_risk	2	2
cvss3_vuldb_av	N	N
cvss3_vuldb_ac	L	L
cvss3_vuldb_ui	N	N
cvss3_vuldb_s	U	U
cvss3_vuldb_c	H	H
cvss3_vuldb_i	H	H
cvss3_vuldb_a	H	H
cvss3_vuldb_e	P	P
cvss3_vuldb_rc	R	R
advisory_url	https://github.com/cymiao1978/cve/blob/main/new/25.md	https://github.com/cymiao1978/cve/blob/main/new/25.md
exploit_availability	1	1
exploit_publicity	1	1
exploit_url	https://github.com/cymiao1978/cve/blob/main/new/25.md#poc	https://github.com/cymiao1978/cve/blob/main/new/25.md#poc
source_cve	CVE-2025-15462	CVE-2025-15462
cna_responsible	VulDB	VulDB
response_summary	The vendor was contacted early about this disclosure but did not respond in any way.	The vendor was contacted early about this disclosure but did not respond in any way.
cvss2_vuldb_av	N	N
cvss2_vuldb_ac	L	L
cvss2_vuldb_ci	C	C
cvss2_vuldb_ii	C	C
cvss2_vuldb_ai	C	C
cvss2_vuldb_e	POC	POC
cvss2_vuldb_rc	UR	UR
cvss4_vuldb_av	N	N
cvss4_vuldb_ac	L	L
cvss4_vuldb_ui	N	N
cvss4_vuldb_vc	H	H
cvss4_vuldb_vi	H	H
cvss4_vuldb_va	H	H
cvss4_vuldb_e	P	P
cvss2_vuldb_au	S	S
cvss2_vuldb_rl	ND	ND
cvss3_vuldb_pr	L	L
cvss3_vuldb_rl	X	X
cvss4_vuldb_at	N	N
cvss4_vuldb_pr	L	L
cvss4_vuldb_sc	N	N
cvss4_vuldb_si	N	N
cvss4_vuldb_sa	N	N
cvss2_vuldb_basescore	9.0	9.0
cvss2_vuldb_tempscore	7.7	7.7
cvss3_vuldb_basescore	8.8	8.8
cvss3_vuldb_tempscore	8.0	8.0
cvss3_meta_basescore	8.8	8.8
cvss3_meta_tempscore	8.0	8.4
cvss4_vuldb_bscore	8.7	8.7
cvss4_vuldb_btscore	7.4	7.4
advisory_date	1767481200 (01/04/2026)	1767481200 (01/04/2026)
price_0day	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigAdvideo. The manipulation of the argument timestart leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
cvss4_cna_av		N
cvss4_cna_ac		L
cvss4_cna_at		N
cvss4_cna_pr		L
cvss4_cna_ui		N
cvss4_cna_vc		H
cvss4_cna_vi		H
cvss4_cna_va		H
cvss4_cna_sc		N
cvss4_cna_si		N
cvss4_cna_sa		N
cvss4_cna_bscore		8.7
cvss3_cna_av		N
cvss3_cna_ac		L
cvss3_cna_pr		L
cvss3_cna_ui		N
cvss3_cna_s		U
cvss3_cna_c		H
cvss3_cna_i		H
cvss3_cna_a		H
cvss3_cna_basescore		8.8
cvss2_cna_av		N
cvss2_cna_ac		L
cvss2_cna_au		S
cvss2_cna_ci		C
cvss2_cna_ii		C
cvss2_cna_ai		C
cvss2_cna_basescore		9

◂ Gurɗo Gumti Gada ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!