All the vulnerabilites related to UTT - HiPER 840G
cve-2025-6732
Vulnerability from cvelistv5
Published
2025-06-26 21:31
Modified
2025-06-27 13:56
Severity ?
EPSS score ?
Summary
UTT HiPER 840G API setSysAdm strcpy buffer overflow
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.314007 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.314007 | signature, permissions-required | |
| https://vuldb.com/?submit.597677 | third-party-advisory | |
| https://github.com/d2pq/cve/blob/main/616/1.md | related | |
| https://github.com/d2pq/cve/blob/main/616/1.md#poc | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| UTT | HiPER 840G |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6732",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T13:56:03.823383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T13:56:24.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"API"
],
"product": "HiPER 840G",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.1.1-190328"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yuhongxiang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in UTT HiPER 840G bis 3.1.1-190328 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion strcpy der Datei /goform/setSysAdm der Komponente API. Dank Manipulation des Arguments passwd1 mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T21:31:12.543Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314007 | UTT HiPER 840G API setSysAdm strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314007"
},
{
"name": "VDB-314007 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314007"
},
{
"name": "Submit #597677 | UTT HiPER 840G \u003c=V3v3.1.1-190328 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.597677"
},
{
"tags": [
"related"
],
"url": "https://github.com/d2pq/cve/blob/main/616/1.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/d2pq/cve/blob/main/616/1.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-26T18:04:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 840G API setSysAdm strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6732",
"datePublished": "2025-06-26T21:31:12.543Z",
"dateReserved": "2025-06-26T15:58:37.773Z",
"dateUpdated": "2025-06-27T13:56:24.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-6733
Vulnerability from cvelistv5
Published
2025-06-26 22:31
Modified
2025-06-27 14:02
Severity ?
EPSS score ?
Summary
UTT HiPER 840G API formConfigDnsFilterGlobal sub_416928 buffer overflow
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.314008 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.314008 | signature, permissions-required | |
| https://vuldb.com/?submit.597678 | third-party-advisory | |
| https://github.com/d2pq/cve/blob/main/616/2.md | related | |
| https://github.com/d2pq/cve/blob/main/616/2.md#poc | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| UTT | HiPER 840G |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6733",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T14:01:04.561769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T14:02:18.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"API"
],
"product": "HiPER 840G",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.1.1-190328"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yuhongxiang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In UTT HiPER 840G bis 3.1.1-190328 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion sub_416928 der Datei /goform/formConfigDnsFilterGlobal der Komponente API. Mit der Manipulation des Arguments GroupName mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T22:31:05.529Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314008 | UTT HiPER 840G API formConfigDnsFilterGlobal sub_416928 buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314008"
},
{
"name": "VDB-314008 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314008"
},
{
"name": "Submit #597678 | UTT HiPER 840G \u003c=V3v3.1.1-190328 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.597678"
},
{
"tags": [
"related"
],
"url": "https://github.com/d2pq/cve/blob/main/616/2.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/d2pq/cve/blob/main/616/2.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-26T18:04:16.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 840G API formConfigDnsFilterGlobal sub_416928 buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6733",
"datePublished": "2025-06-26T22:31:05.529Z",
"dateReserved": "2025-06-26T15:59:07.591Z",
"dateUpdated": "2025-06-27T14:02:18.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-6734
Vulnerability from cvelistv5
Published
2025-06-26 23:00
Modified
2025-06-27 14:07
Severity ?
EPSS score ?
Summary
UTT HiPER 840G API formP2PLimitConfig sub_484E40 buffer overflow
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.314009 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.314009 | signature, permissions-required | |
| https://vuldb.com/?submit.597679 | third-party-advisory | |
| https://github.com/d2pq/cve/blob/main/616/3.md | related | |
| https://github.com/d2pq/cve/blob/main/616/3.md#poc | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| UTT | HiPER 840G |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6734",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T14:07:21.703459Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T14:07:51.343Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"API"
],
"product": "HiPER 840G",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.1.1-190328"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yuhongxiang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the file /goform/formP2PLimitConfig of the component API. The manipulation of the argument except leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in UTT HiPER 840G bis 3.1.1-190328 ausgemacht. Sie wurde als kritisch eingestuft. Hierbei geht es um die Funktion sub_484E40 der Datei /goform/formP2PLimitConfig der Komponente API. Durch die Manipulation des Arguments except mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T23:00:13.348Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314009 | UTT HiPER 840G API formP2PLimitConfig sub_484E40 buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314009"
},
{
"name": "VDB-314009 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314009"
},
{
"name": "Submit #597679 | UTT HiPER 840G \u003c=V3v3.1.1-190328 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.597679"
},
{
"tags": [
"related"
],
"url": "https://github.com/d2pq/cve/blob/main/616/3.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/d2pq/cve/blob/main/616/3.md#poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-26T18:04:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 840G API formP2PLimitConfig sub_484E40 buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6734",
"datePublished": "2025-06-26T23:00:13.348Z",
"dateReserved": "2025-06-26T15:59:09.849Z",
"dateUpdated": "2025-06-27T14:07:51.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}