CVE-2025-70998: UTT HiPER
CVE-2025-70998
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a craft...
Security Advisory: Critical Vulnerability in UTT HiPER Router Firmware
Overview
A critical security vulnerability has been identified in certain UTT HiPER router models. The flaw resides in the device’s firmware and involves the use of insecure default credentials for the Telnet remote access service. This means the router ships with a pre-set, easily guessable username and password that cannot be changed by the user, creating a permanent backdoor.
Vulnerability Details
The affected UTT HiPER 810 / nv810v4 router runs firmware version v1.5.0-140603. The Telnet service on this device, which allows for remote command-line administration, is protected by weak, hard-coded login credentials. Because these defaults are embedded in the firmware and not intended for user modification, an attacker can reliably use them to gain access.
Impact and Risk Assessment
This vulnerability is rated CRITICAL with a CVSS score of 9.8. The potential impact is severe:
- Full System Compromise: A remote attacker can use a simple automated script to log into the Telnet service with the known default credentials and obtain root-level access to the router.
- Network Takeover: With root access, an attacker can reconfigure the router, intercept or redirect all network traffic (eavesdropping), disable security settings, and use the device as a launch point for attacks on the internal network.
- Persistence: The flaw is in the firmware itself, making the backdoor persistent across reboots and routine configuration changes.
Affected Products
- Model: UTT HiPER 810 / nv810v4
- Firmware Version: v1.5.0-140603
- Other firmware versions and models may also be affected and should be verified.
Remediation and Mitigation Steps
Immediate action is required for all administrators of potentially affected devices.
- Primary Solution - Firmware Update: Contact the device vendor (UTT) immediately to inquire about the availability of a patched firmware version. Apply any official updated firmware as soon as it is provided. This is the only way to permanently remove the hard-coded credentials.
- Critical Interim Mitigation - Disable Telnet:
  - Log into the router’s web administration interface.
  - Navigate to the remote management or services section.
  - Disable the Telnet service entirely. If remote administration is necessary, use a more secure protocol like SSH (if supported and properly configured with strong passwords).
- Network Segmentation: If the router cannot be immediately updated or Telnet cannot be disabled, isolate it on a network segment to limit potential lateral movement in case of compromise. Restrict access to its management interface using firewall rules to only trusted administrative IP addresses, if the device supports this feature.
- Monitor for Compromise: Review router logs for unexpected Telnet login attempts or unauthorized configuration changes. Monitor internal network traffic for unusual patterns indicating a breach.
Note: Simply changing the web admin password will not fix this vulnerability, as the Telnet credentials are separate and hard-coded into the firmware.
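The "Monitor for Compromise" step above, as an added example that is not part of this advisory or of any UTT tooling: a small log review script that flags Telnet logins from outside a trusted administrative range and treats a successful one as a likely compromise. The syslog-style record layout, the `telnetd` program name and the sample lines are constructed assumptions, since the router's real log format is not documented here; adapt the regular expression to whatever the device actually emits.

```python
import ipaddress
import re
from collections import Counter

# Assumed syslog-style telnet login record (the UTT HiPER log format is not
# documented on the advisory page, so this layout is a constructed assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ telnetd\[\d+\]: "
    r"login from (?P<src>[\d.]+) user=(?P<user>\S+) status=(?P<status>\w+)$"
)

# Constructed sample log lines; 192.168.1.10 plays the trusted admin host.
SAMPLE_LOG = """\
Jan 12 03:14:22 router telnetd[1023]: login from 192.168.1.10 user=admin status=success
Jan 12 03:15:01 router telnetd[1024]: login from 203.0.113.45 user=admin status=failed
Jan 12 03:15:02 router telnetd[1025]: login from 203.0.113.45 user=admin status=failed
Jan 12 03:15:03 router telnetd[1026]: login from 203.0.113.45 user=admin status=success
Jan 12 03:16:40 router dhcpd[88]: lease 192.168.1.55 renewed
"""

# Ranges from which administrative Telnet access is expected (assumed value).
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("192.168.1.0/24")]


def parse_telnet_logins(text):
    """Return one dict per telnetd login record found in the log text."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def find_suspicious_logins(text, trusted_nets=TRUSTED_ADMIN_NETS):
    """Flag Telnet logins from outside the trusted ranges.

    Because the Telnet credentials on the affected firmware are fixed, any
    login from an untrusted source is worth investigating; a successful one
    is classified as a probable compromise rather than a mere attempt.
    """
    findings = []
    for ev in parse_telnet_logins(text):
        src = ipaddress.ip_address(ev["src"])
        if any(src in net for net in trusted_nets):
            continue
        severity = "compromise" if ev["status"] == "success" else "attempt"
        findings.append({"time": ev["ts"], "src": str(src),
                         "user": ev["user"], "severity": severity})
    return findings


def summarize(findings):
    """Count findings per (source address, severity) pair for quick triage."""
    return Counter((f["src"], f["severity"]) for f in findings)


if __name__ == "__main__":
    results = find_suspicious_logins(SAMPLE_LOG)
    for finding in results:
        print(finding)
    print(summarize(results))
```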