CVE-2025-10170: Buffer Overflow in UTT 1200GW

Severity: High
Type: Vulnerability
Tags: cve, cve-2025-10170
Published: Tue Sep 09 2025 (09/09/2025, 21:02:09 UTC)
Source: CVE Database V5
Vendor/Project: UTT
Product: 1200GW

Description

A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Such manipulation of the argument loadBalanceNameOld leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 09/09/2025, 21:16:35 UTC

Technical Analysis

CVE-2025-10170 is a high-severity buffer overflow vulnerability affecting the UTT 1200GW device, specifically versions up to 3.0.0-170831. The vulnerability resides in the function sub_4B48F8, which handles requests to /goform/formApLbConfig. It is triggered by manipulating the argument loadBalanceNameOld, which leads to a buffer overflow condition. This flaw allows an attacker to remotely execute arbitrary code or cause a denial of service without user interaction; the attack vector is network-based and requires only low privileges. The vulnerability has been publicly disclosed, and although no known exploits are currently observed in the wild, the availability of exploit details increases the risk of exploitation. The vendor has not responded to the disclosure, and no patches are currently available, leaving affected systems exposed. The CVSS 4.0 score of 8.7 reflects the high impact on confidentiality, integrity, and availability, combined with ease of exploitation and no user interaction needed. This vulnerability could be exploited to compromise the device’s operation, potentially allowing attackers to intercept or manipulate network traffic, disrupt services, or pivot into internal networks.

Potential Impact

For European organizations, the exploitation of CVE-2025-10170 could have significant consequences, especially for those relying on UTT 1200GW devices in their network infrastructure. The buffer overflow can lead to remote code execution, enabling attackers to gain control over the device, disrupt network operations, or exfiltrate sensitive data. This poses risks to confidentiality, integrity, and availability of organizational data and services. Critical infrastructure operators, telecommunications providers, and enterprises using these devices for load balancing or network management could face service outages or data breaches. Given the lack of vendor response and patches, organizations may experience prolonged exposure, increasing the window for attackers to develop and deploy exploits. Additionally, compromised devices could be used as footholds for lateral movement within networks, amplifying the threat to broader IT environments.

Mitigation Recommendations

Organizations should immediately inventory their network to identify any UTT 1200GW devices running affected firmware versions. Since no official patches are available, mitigating controls include isolating these devices from untrusted networks, restricting management interfaces to trusted IP addresses, and implementing strict network segmentation to limit potential lateral movement. Deploying intrusion detection/prevention systems (IDS/IPS) with signatures tuned to detect anomalous traffic targeting /goform/formApLbConfig or suspicious buffer overflow attempts can provide early warning. Regular monitoring of device logs and network traffic for unusual activity is critical. Where possible, consider replacing vulnerable devices with alternative hardware or firmware versions not affected by this vulnerability. Additionally, organizations should engage with UTT or authorized vendors to seek firmware updates or official guidance. Finally, ensure that incident response plans include scenarios involving exploitation of network device vulnerabilities.
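The monitoring recommendation above can be prototyped as a small triage script over captured HTTP requests. This is an added example, not vendor or advisory code: the endpoint and parameter names come from the advisory, while the length threshold, the trusted management subnet and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/goform/formApLbConfig"   # from the advisory
PARAM = "loadBalanceNameOld"          # from the advisory
MAX_NAME_LEN = 64                     # assumption: review threshold, not the real buffer size
TRUSTED_MGMT = [ipaddress.ip_network("10.20.0.0/24")]  # assumption: admin subnet

def inspect_request(src_ip, raw):
    """Return alert strings for one captured HTTP request (raw bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return []                     # not a parseable request line
    url = urlsplit(parts[1])
    if url.path.rstrip("/") != ENDPOINT:
        return []                     # only the affected handler is of interest
    alerts = []
    if not any(ipaddress.ip_address(src_ip) in net for net in TRUSTED_MGMT):
        alerts.append("untrusted-source")
    # The parameter may arrive in the query string or a form-encoded body.
    # latin-1 decoding keeps one character per byte, so len() is a byte count
    # even when the value is percent-encoded.
    fields = parse_qs(url.query, keep_blank_values=True, encoding="latin-1")
    form = parse_qs(body.decode("latin-1"), keep_blank_values=True,
                    encoding="latin-1")
    for key, values in form.items():
        fields.setdefault(key, []).extend(values)
    for value in fields.get(PARAM, []):
        if len(value) > MAX_NAME_LEN:
            alerts.append(f"oversized-{PARAM}:{len(value)}")
    return alerts

if __name__ == "__main__":
    # Constructed sample requests (not taken from real traffic).
    post = b"POST /goform/formApLbConfig HTTP/1.1\r\nHost: gw\r\n\r\n"
    samples = [
        ("10.20.0.5", post + b"loadBalanceNameOld=lb1"),
        ("203.0.113.9", post + b"loadBalanceNameOld=" + b"A" * 300),
        ("203.0.113.9", b"GET /index.asp HTTP/1.1\r\nHost: gw\r\n\r\n"),
    ]
    for src, raw in samples:
        print(src, inspect_request(src, raw))
```

Tune `MAX_NAME_LEN` against the longest load-balancing name actually configured on your devices, since the true buffer size is not stated in the advisory.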

Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-09T13:58:48.083Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68c096a79ed239a66bac6ad4

Added to database: 9/9/2025, 9:05:43 PM

Last enriched: 9/9/2025, 9:16:35 PM

Last updated: 9/9/2025, 10:45:27 PM
