How to fix CVE-2025-70998?

Within 24 hours: Identify and inventory all UTT HiPER 810/nv810v4 routers running firmware v1.5.0-140603 in your environment; disable external telnet access via firewall rules and disable the telnet service where operationally feasible. Within 7 days: Change default credentials to strong, unique passwords; segment affected routers onto isolated management networks; implement network access controls and monitoring for telnet connections. Within 30 days: Monitor UTT for patch availability and apply immediately upon release; consider replacing affected devices if patches remain unavailable; conduct forensic analysis to detect unauthorized access attempts.

Is 810 Firmware affected by CVE-2025-70998?

UTT HiPER 810 routers with firmware v1.5.0-140603 contain hardcoded default credentials that allow unauthenticated remote attackers to gain root access.

CVE-2025-70998

CRITICAL

2026-02-18 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 19, 2026 - 18:47 vuln.today

Public exploit code

CVE Published

Feb 18, 2026 - 16:22 nvd

CRITICAL 9.8

Description

UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.

Analysis

Insecure default telnet credentials in UTT HiPER 810 router firmware v1.5.0. Default credentials are publicly known, enabling unauthenticated access to the router management. PoC available.

Technical Context

CWE-1188 insecure default initialization. The router ships with known default telnet credentials and may have telnet enabled by default.

Affected Products

['UTT HiPER 810 firmware v1.5.0-140603']

Remediation

Change default credentials. Disable telnet in favor of SSH. Update firmware.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +49

POC: +20

CVE-2025-70998 vulnerability details – vuln.today

Back

CVE-2025-70998

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-70998

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code