PT-2025-25508 · Utt · Utt 进取 750W

Newym · Published 2025-06-16 · Updated 2025-06-21 · CVE-2025-6098

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

UTT 进取 750W versions up to 5.0

Description

A critical issue affects the use of the strcpy function in the /goform/setSysAdm API component. Manipulating the passwd1 argument leads to a buffer overflow. The issue can be exploited remotely.

Recommendations

For UTT 进取 750W versions up to 5.0, as a temporary workaround until a patch is available, consider disabling the strcpy function in the /goform/setSysAdm API endpoint. Restrict access to the /goform/setSysAdm endpoint to minimize the risk of exploitation. Avoid using the passwd1 argument in the affected API endpoint until the issue is resolved.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2025-6098

Affected Products

Utt 进取 750W