{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-6733","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-06-26T15:59:07.591Z","datePublished":"2025-06-26T22:31:05.529Z","dateUpdated":"2025-06-27T14:02:18.205Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-06-26T22:31:05.529Z"},"title":"UTT HiPER 840G API formConfigDnsFilterGlobal sub_416928 buffer overflow","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-120","lang":"en","description":"Buffer Overflow"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-119","lang":"en","description":"Memory Corruption"}]}],"affected":[{"vendor":"UTT","product":"HiPER 840G","versions":[{"version":"3.1.1-190328","status":"affected"}],"modules":["API"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."},{"lang":"de","value":"In UTT HiPER 840G bis 3.1.1-190328 wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Dabei geht es um die Funktion sub_416928 der Datei /goform/formConfigDnsFilterGlobal der Komponente API. Mit der Manipulation des Arguments GroupName mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":8.7,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P","baseSeverity":"HIGH"}},{"cvssV3_1":{"version":"3.1","baseScore":8.8,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":8.8,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":9,"vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-06-26T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-06-26T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-06-26T18:04:16.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"yuhongxiang (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.314008","name":"VDB-314008 | UTT HiPER 840G API formConfigDnsFilterGlobal sub_416928 buffer overflow","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.314008","name":"VDB-314008 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.597678","name":"Submit #597678 | UTT HiPER 840G <=V3v3.1.1-190328 Buffer Overflow","tags":["third-party-advisory"]},{"url":"https://github.com/d2pq/cve/blob/main/616/2.md","tags":["related"]},{"url":"https://github.com/d2pq/cve/blob/main/616/2.md#poc","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-06-27T14:01:04.561769Z","id":"CVE-2025-6733","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-27T14:02:18.205Z"}}]}}