How to fix CVE-2025-14191?

Within 24 hours: Inventory all UTT 进取 512W devices in your environment and isolate affected units from production networks if possible. Within 7 days: Implement network segmentation to restrict access to the /goform/formP2PLimitConfig endpoint and deploy WAF rules blocking malicious payloads to this path. Within 30 days: Evaluate replacement hardware from vendors with active security support, and plan migration away from affected devices with documented EOL timeline.

Is 512w Firmware affected by CVE-2025-14191?

A critical remote code execution vulnerability affects UTT 进取 512W devices (versions up to 1.7.7-171114) through a buffer overflow in the P2P configuration interface.

CVE-2025-14191

EUVD-2025-201601 HIGH

2025-12-07 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:50 euvd

EUVD-2025-201601

Analysis Generated

Mar 15, 2026 - 17:50 vuln.today

PoC Detected

Jan 05, 2026 - 19:36 vuln.today

Public exploit code

CVE Published

Dec 07, 2025 - 13:15 nvd

HIGH 8.8

Description

A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formP2PLimitConfig. Such manipulation of the argument except leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

Technical Context

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state.

Affected Products

Affected products: Utt 512W Firmware

Remediation

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +44

POC: +20

CVE-2025-14191 vulnerability details – vuln.today

Back

CVE-2025-14191

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-14191

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code