What is the CVSS score of CVE-2025-70998?

CVE-2025-70998 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of 810 Firmware are affected by CVE-2025-70998?

UTT HiPER 810 routers with firmware v1.5.0-140603 contain hardcoded default credentials that allow unauthenticated remote attackers to gain root access.

Is there a public PoC exploit available for CVE-2025-70998?

Yes, a public proof-of-concept exploit is available for CVE-2025-70998. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-70998?

Within 24 hours: Identify and inventory all UTT HiPER 810/nv810v4 routers running firmware v1.5.0-140603 in your environment; disable external telnet access via firewall rules and disable the telnet service where operationally feasible. Within 7 days: Change default credentials to strong, unique passwords; segment affected routers onto isolated management networks; implement network access controls and monitoring for telnet connections. Within 30 days: Monitor UTT for patch availability and apply immediately upon release; consider replacing affected devices if patches remain unavailable; conduct forensic analysis to detect unauthorized access attempts.

810 Firmware CVE-2025-70998

CRITICAL

Initialization of a Resource with an Insecure Default (CWE-1188)

2026-02-18 cve@mitre.org

Information Disclosure 810 Firmware

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 19, 2026 - 18:47 vuln.today

Public exploit code

CVE Published

Feb 18, 2026 - 16:22 nvd

CRITICAL 9.8

DescriptionCVE.org

UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.

AnalysisAI

Insecure default telnet credentials in UTT HiPER 810 router firmware v1.5.0. Default credentials are publicly known, enabling unauthenticated access to the router management. PoC available.

Technical ContextAI

CWE-1188 insecure default initialization. The router ships with known default telnet credentials and may have telnet enabled by default.

RemediationAI

Change default credentials. Disable telnet in favor of SSH. Update firmware.

CVE-2025-70998 vulnerability details – vuln.today

Back

810 Firmware CVE-2025-70998

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code