Search
Find a vulnerability
Search criteria
18 vulnerabilities found for HiPER 1250GW by UTT
CVE-2026-9632 (GCVE-0-2026-9632)
Vulnerability from nvd – Published: 2026-05-27 01:30 – Updated: 2026-05-28 14:19
VLAI
Title
UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow
Summary
A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365741 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365741/cti | signaturepermissions-required |
| https://vuldb.com/submit/818383 | third-party-advisory |
| https://github.com/luozhibo-sec/cve/blob/main/12.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9632",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T14:18:17.198956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:19:32.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "luozhibo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T01:30:11.707Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365741 | UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365741"
},
{
"name": "VDB-365741 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365741/cti"
},
{
"name": "Submit #818383 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818383"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/luozhibo-sec/cve/blob/main/12.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:54:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9632",
"datePublished": "2026-05-27T01:30:11.707Z",
"dateReserved": "2026-05-26T17:49:19.767Z",
"dateUpdated": "2026-05-28T14:19:32.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9631 (GCVE-0-2026-9631)
Vulnerability from nvd – Published: 2026-05-27 01:15 – Updated: 2026-05-27 12:31
VLAI
Title
UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow
Summary
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365740 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365740/cti | signaturepermissions-required |
| https://vuldb.com/submit/818375 | third-party-advisory |
| https://github.com/zhouguobing-maker/cve/blob/mai… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9631",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T12:31:06.835017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T12:31:13.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zhouguobing (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T01:15:09.839Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365740 | UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365740"
},
{
"name": "VDB-365740 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365740/cti"
},
{
"name": "Submit #818375 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818375"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/zhouguobing-maker/cve/blob/main/11.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:53:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9631",
"datePublished": "2026-05-27T01:15:09.839Z",
"dateReserved": "2026-05-26T17:48:33.182Z",
"dateUpdated": "2026-05-27T12:31:13.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7420 (GCVE-0-2026-7420)
Vulnerability from nvd – Published: 2026-04-29 22:30 – Updated: 2026-04-30 13:48
VLAI
Title
UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow
Summary
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360157 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360157/cti | signaturepermissions-required |
| https://vuldb.com/submit/803997 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7420",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:47:14.002298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:48:41.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:30:12.855Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360157 | UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360157"
},
{
"name": "VDB-360157 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360157/cti"
},
{
"name": "Submit #803997 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803997"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/5/5.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7420",
"datePublished": "2026-04-29T22:30:12.855Z",
"dateReserved": "2026-04-29T14:14:39.456Z",
"dateUpdated": "2026-04-30T13:48:41.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7419 (GCVE-0-2026-7419)
Vulnerability from nvd – Published: 2026-04-29 22:15 – Updated: 2026-04-30 13:11
VLAI
Title
UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow
Summary
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360156 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360156/cti | signaturepermissions-required |
| https://vuldb.com/submit/803994 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7419",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:10:53.983295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:11:06.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:15:10.993Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360156 | UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360156"
},
{
"name": "VDB-360156 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360156/cti"
},
{
"name": "Submit #803994 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803994"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/2/2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7419",
"datePublished": "2026-04-29T22:15:10.993Z",
"dateReserved": "2026-04-29T14:14:36.356Z",
"dateUpdated": "2026-04-30T13:11:06.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7418 (GCVE-0-2026-7418)
Vulnerability from nvd – Published: 2026-04-29 22:00 – Updated: 2026-04-30 12:12
VLAI
Title
UTT HiPER 1250GW NTP strcpy buffer overflow
Summary
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360155 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360155/cti | signaturepermissions-required |
| https://vuldb.com/submit/803993 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7418",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T12:12:08.781314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T12:12:24.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:00:13.518Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360155 | UTT HiPER 1250GW NTP strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360155"
},
{
"name": "VDB-360155 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360155/cti"
},
{
"name": "Submit #803993 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803993"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/1/1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW NTP strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7418",
"datePublished": "2026-04-29T22:00:13.518Z",
"dateReserved": "2026-04-29T14:14:33.304Z",
"dateUpdated": "2026-04-30T12:12:24.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5566 (GCVE-0-2026-5566)
Vulnerability from nvd – Published: 2026-04-05 12:15 – Updated: 2026-04-06 15:27
VLAI
Title
UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow
Summary
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355336 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355336/cti | signaturepermissions-required |
| https://vuldb.com/submit/782993 | third-party-advisory |
| https://github.com/Moxxkidd/CVE/issues/1 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T15:27:38.802568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:27:48.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Doma (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T12:15:10.664Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355336 | UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355336"
},
{
"name": "VDB-355336 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355336/cti"
},
{
"name": "Submit #782993 | UTT\uff08AiTai\uff09 HiPER 1250GW \u003c= v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782993"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Moxxkidd/CVE/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T16:24:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5566",
"datePublished": "2026-04-05T12:15:10.664Z",
"dateReserved": "2026-04-04T14:19:03.601Z",
"dateUpdated": "2026-04-06T15:27:48.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5544 (GCVE-0-2026-5544)
Vulnerability from nvd – Published: 2026-04-05 04:45 – Updated: 2026-04-07 02:40
VLAI
Title
UTT HiPER 1250GW formRemoteControl stack-based overflow
Summary
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355297 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355297/cti | signaturepermissions-required |
| https://vuldb.com/submit/782268 | third-party-advisory |
| https://github.com/jinxjinxboom/cve/issues/1 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T02:40:40.605585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T02:40:54.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cosy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T04:45:11.331Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355297 | UTT HiPER 1250GW formRemoteControl stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355297"
},
{
"name": "VDB-355297 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355297/cti"
},
{
"name": "Submit #782268 | UTT HiPER 1250GW \u003c= v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782268"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/jinxjinxboom/cve/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T09:01:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW formRemoteControl stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5544",
"datePublished": "2026-04-05T04:45:11.331Z",
"dateReserved": "2026-04-04T06:56:52.200Z",
"dateUpdated": "2026-04-07T02:40:54.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4862 (GCVE-0-2026-4862)
Vulnerability from nvd – Published: 2026-03-26 09:00 – Updated: 2026-03-26 18:23
VLAI
Title
UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow
Summary
A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.353193 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.353193 | signaturepermissions-required |
| https://vuldb.com/?submit.776230 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4862",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T18:23:45.012609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:23:53.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Parameter Handler"
],
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T09:00:32.777Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-353193 | UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.353193"
},
{
"name": "VDB-353193 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.353193"
},
{
"name": "Submit #776230 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.776230"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/309-1/5.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-25T17:38:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4862",
"datePublished": "2026-03-26T09:00:32.777Z",
"dateReserved": "2026-03-25T16:33:35.461Z",
"dateUpdated": "2026-03-26T18:23:53.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4488 (GCVE-0-2026-4488)
Vulnerability from nvd – Published: 2026-03-20 15:32 – Updated: 2026-03-20 19:59
VLAI
Title
UTT HiPER 1250GW setSysAdm strcpy buffer overflow
Summary
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.352011 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.352011 | signaturepermissions-required |
| https://vuldb.com/?submit.773565 | third-party-advisory |
| https://github.com/hmKunlun/UTTHiPER/blob/main/Hi… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4488",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T19:58:52.361795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T19:59:01.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "kunlun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T15:32:11.746Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-352011 | UTT HiPER 1250GW setSysAdm strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.352011"
},
{
"name": "VDB-352011 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.352011"
},
{
"name": "Submit #773565 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.773565"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/hmKunlun/UTTHiPER/blob/main/HiPER%201250GW.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-20T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-20T09:26:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW setSysAdm strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4488",
"datePublished": "2026-03-20T15:32:11.746Z",
"dateReserved": "2026-03-20T08:21:30.384Z",
"dateUpdated": "2026-03-20T19:59:01.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9632 (GCVE-0-2026-9632)
Vulnerability from cvelistv5 – Published: 2026-05-27 01:30 – Updated: 2026-05-28 14:19
VLAI
Title
UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow
Summary
A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365741 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365741/cti | signaturepermissions-required |
| https://vuldb.com/submit/818383 | third-party-advisory |
| https://github.com/luozhibo-sec/cve/blob/main/12.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9632",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T14:18:17.198956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:19:32.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "luozhibo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T01:30:11.707Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365741 | UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365741"
},
{
"name": "VDB-365741 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365741/cti"
},
{
"name": "Submit #818383 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818383"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/luozhibo-sec/cve/blob/main/12.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:54:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9632",
"datePublished": "2026-05-27T01:30:11.707Z",
"dateReserved": "2026-05-26T17:49:19.767Z",
"dateUpdated": "2026-05-28T14:19:32.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9631 (GCVE-0-2026-9631)
Vulnerability from cvelistv5 – Published: 2026-05-27 01:15 – Updated: 2026-05-27 12:31
VLAI
Title
UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow
Summary
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365740 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365740/cti | signaturepermissions-required |
| https://vuldb.com/submit/818375 | third-party-advisory |
| https://github.com/zhouguobing-maker/cve/blob/mai… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9631",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T12:31:06.835017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T12:31:13.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zhouguobing (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T01:15:09.839Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365740 | UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365740"
},
{
"name": "VDB-365740 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365740/cti"
},
{
"name": "Submit #818375 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818375"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/zhouguobing-maker/cve/blob/main/11.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:53:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9631",
"datePublished": "2026-05-27T01:15:09.839Z",
"dateReserved": "2026-05-26T17:48:33.182Z",
"dateUpdated": "2026-05-27T12:31:13.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7420 (GCVE-0-2026-7420)
Vulnerability from cvelistv5 – Published: 2026-04-29 22:30 – Updated: 2026-04-30 13:48
VLAI
Title
UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow
Summary
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360157 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360157/cti | signaturepermissions-required |
| https://vuldb.com/submit/803997 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7420",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:47:14.002298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:48:41.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:30:12.855Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360157 | UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360157"
},
{
"name": "VDB-360157 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360157/cti"
},
{
"name": "Submit #803997 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803997"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/5/5.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7420",
"datePublished": "2026-04-29T22:30:12.855Z",
"dateReserved": "2026-04-29T14:14:39.456Z",
"dateUpdated": "2026-04-30T13:48:41.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7419 (GCVE-0-2026-7419)
Vulnerability from cvelistv5 – Published: 2026-04-29 22:15 – Updated: 2026-04-30 13:11
VLAI
Title
UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow
Summary
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360156 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360156/cti | signaturepermissions-required |
| https://vuldb.com/submit/803994 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7419",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:10:53.983295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:11:06.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:15:10.993Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360156 | UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360156"
},
{
"name": "VDB-360156 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360156/cti"
},
{
"name": "Submit #803994 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803994"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/2/2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7419",
"datePublished": "2026-04-29T22:15:10.993Z",
"dateReserved": "2026-04-29T14:14:36.356Z",
"dateUpdated": "2026-04-30T13:11:06.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7418 (GCVE-0-2026-7418)
Vulnerability from cvelistv5 – Published: 2026-04-29 22:00 – Updated: 2026-04-30 12:12
VLAI
Title
UTT HiPER 1250GW NTP strcpy buffer overflow
Summary
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360155 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360155/cti | signaturepermissions-required |
| https://vuldb.com/submit/803993 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7418",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T12:12:08.781314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T12:12:24.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:00:13.518Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360155 | UTT HiPER 1250GW NTP strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360155"
},
{
"name": "VDB-360155 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360155/cti"
},
{
"name": "Submit #803993 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803993"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/1/1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW NTP strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7418",
"datePublished": "2026-04-29T22:00:13.518Z",
"dateReserved": "2026-04-29T14:14:33.304Z",
"dateUpdated": "2026-04-30T12:12:24.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5566 (GCVE-0-2026-5566)
Vulnerability from cvelistv5 – Published: 2026-04-05 12:15 – Updated: 2026-04-06 15:27
VLAI
Title
UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow
Summary
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355336 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355336/cti | signaturepermissions-required |
| https://vuldb.com/submit/782993 | third-party-advisory |
| https://github.com/Moxxkidd/CVE/issues/1 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T15:27:38.802568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:27:48.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Doma (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T12:15:10.664Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355336 | UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355336"
},
{
"name": "VDB-355336 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355336/cti"
},
{
"name": "Submit #782993 | UTT\uff08AiTai\uff09 HiPER 1250GW \u003c= v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782993"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Moxxkidd/CVE/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T16:24:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5566",
"datePublished": "2026-04-05T12:15:10.664Z",
"dateReserved": "2026-04-04T14:19:03.601Z",
"dateUpdated": "2026-04-06T15:27:48.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5544 (GCVE-0-2026-5544)
Vulnerability from cvelistv5 – Published: 2026-04-05 04:45 – Updated: 2026-04-07 02:40
VLAI
Title
UTT HiPER 1250GW formRemoteControl stack-based overflow
Summary
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355297 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355297/cti | signaturepermissions-required |
| https://vuldb.com/submit/782268 | third-party-advisory |
| https://github.com/jinxjinxboom/cve/issues/1 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5544",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T02:40:40.605585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T02:40:54.277Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cosy (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T04:45:11.331Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355297 | UTT HiPER 1250GW formRemoteControl stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355297"
},
{
"name": "VDB-355297 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355297/cti"
},
{
"name": "Submit #782268 | UTT HiPER 1250GW \u003c= v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782268"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/jinxjinxboom/cve/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T09:01:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW formRemoteControl stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5544",
"datePublished": "2026-04-05T04:45:11.331Z",
"dateReserved": "2026-04-04T06:56:52.200Z",
"dateUpdated": "2026-04-07T02:40:54.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4862 (GCVE-0-2026-4862)
Vulnerability from cvelistv5 – Published: 2026-03-26 09:00 – Updated: 2026-03-26 18:23
VLAI
Title
UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow
Summary
A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.353193 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.353193 | signaturepermissions-required |
| https://vuldb.com/?submit.776230 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4862",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T18:23:45.012609Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T18:23:53.788Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Parameter Handler"
],
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T09:00:32.777Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-353193 | UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.353193"
},
{
"name": "VDB-353193 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.353193"
},
{
"name": "Submit #776230 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.776230"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/309-1/5.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-25T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-25T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-25T17:38:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4862",
"datePublished": "2026-03-26T09:00:32.777Z",
"dateReserved": "2026-03-25T16:33:35.461Z",
"dateUpdated": "2026-03-26T18:23:53.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-4488 (GCVE-0-2026-4488)
Vulnerability from cvelistv5 – Published: 2026-03-20 15:32 – Updated: 2026-03-20 19:59
VLAI
Title
UTT HiPER 1250GW setSysAdm strcpy buffer overflow
Summary
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.352011 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.352011 | signaturepermissions-required |
| https://vuldb.com/?submit.773565 | third-party-advisory |
| https://github.com/hmKunlun/UTTHiPER/blob/main/Hi… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4488",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T19:58:52.361795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T19:59:01.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "kunlun (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T15:32:11.746Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-352011 | UTT HiPER 1250GW setSysAdm strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.352011"
},
{
"name": "VDB-352011 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.352011"
},
{
"name": "Submit #773565 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.773565"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/hmKunlun/UTTHiPER/blob/main/HiPER%201250GW.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-20T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-20T09:26:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW setSysAdm strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4488",
"datePublished": "2026-03-20T15:32:11.746Z",
"dateReserved": "2026-03-20T08:21:30.384Z",
"dateUpdated": "2026-03-20T19:59:01.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}