Description
A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
Published: 2026-06-01
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack‑based buffer overflow occurs during the processing of the strcpy function in the /goform/formTaskEdit handler. The flaw allows an attacker to send an overly long string, which overflows the buffer, corrupts the stack, and gives the attacker the ability to execute arbitrary code on the device. This leads to full compromise of the affected device, including control of system functions and data.

Affected Systems

The vulnerability exists in UTT HiPER 1200GW firmware versions up to 2.5.3‑170306. The affected product is the UTT HiPER 1200GW, a form‑task management system provided by UTT.

Risk and Exploitability

The CVSS score of 8.7 indicates a high impact severity, and the EPSS score is not available; however, the public nature of the exploit and remote launchability raise the likelihood of active exploitation. The vulnerability is not listed in the CISA KEV catalog, but the risk remains significant due to the potential for remote code execution.

Generated by OpenCVE AI on June 1, 2026 at 22:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from UTT that addresses the buffer overflow in formTaskEdit or upgrade the device to a version newer than 2.5.3‑170306.
  • Restrict remote access to the /goform/formTaskEdit endpoint by configuring authentication, network ACLs, or firewall rules so that only trusted hosts can reach it.
  • Monitor device logs for unusual activity on formTaskEdit and set up alerts for abnormal input strings that may indicate attempts to trigger the overflow.

Generated by OpenCVE AI on June 1, 2026 at 22:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
Title UTT HiPER 1200GW formTaskEdit strcpy stack-based overflow
First Time appeared Utt
Utt hiper 1200gw
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:*
Vendors & Products Utt
Utt hiper 1200gw
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Utt Hiper 1200gw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-02T15:46:09.121Z

Reserved: 2026-05-31T17:47:45.492Z

Link: CVE-2026-10292

cve-icon Vulnrichment

Updated: 2026-06-02T15:13:29.290Z

cve-icon NVD

Status : Deferred

Published: 2026-06-01T22:16:24.280

Modified: 2026-06-02T13:03:31.153

Link: CVE-2026-10292

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T00:30:26Z

Weaknesses