CVE-2025-11653

Name of the Vulnerable Software and Affected Versions UTT HiPER 2620G versions through 3.1.4

Description A flaw exists in UTT HiPER 2620G up to version 3.1.4. The strcpy function within the /goform/fNTP file is susceptible to a buffer overflow when the NTPServerIP argument is manipulated. This issue can be exploited remotely. The exploit for this issue has been publicly disclosed. The vendor was informed about the disclosure but did not respond.

Recommendations Versions prior to 3.1.4 should be updated. As a temporary workaround, consider restricting access to the /goform/fNTP file to minimize the risk of exploitation.