Description
A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. It affects the function strcpy of the file /goform/formFireWall. Manipulating the argument Profile causes a stack-based buffer overflow. The attack can be carried out remotely. The exploit has been published and may be used.
Published: 2026-06-01
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack-based buffer overflow exists in the use of strcpy within the /goform/formFireWall handler of UTT HiPER 1200GW firmware. An attacker can manipulate the Profile argument to overflow the stack, which can enable arbitrary code execution on the device. The flaw is classified as CWE-119 and CWE-121, and an exploit has been published.

Affected Systems

UTT HiPER 1200GW firmware versions up to 2.5.3-170306 are affected. The vulnerability resides in the formFireWall handler, which is reachable through the device's web interface.

Risk and Exploitability

The CVSS 4.0 score of 8.7 rates the issue as High severity. The EPSS score is below 1% (Very Low), but a published exploit and network reachability make the threat realistic. The vulnerability is not listed in the CISA KEV catalog. Exploitation would occur over the network through the web interface: the attacker sends a crafted Profile parameter to /goform/formFireWall to trigger the overflow, and the CVSS vectors (PR:L) indicate that low-privileged access is required.

Generated by OpenCVE AI on June 1, 2026 at 22:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the UTT HiPER 1200GW firmware to a version that resolves the strcpy buffer overflow in the formFireWall module.
  • If an update is unavailable, restrict external access to the device's web interface and monitor for suspicious activity.
  • Verify that the Profile parameter is properly validated and consider disabling the formFireWall feature if it is not required for operations.


Advisories

No advisories yet.

History

Tue, 02 Jun 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Mon, 01 Jun 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
|------|----------------|--------------|
| Description | | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. |
| Title | | UTT HiPER 1200GW formFireWall strcpy stack-based overflow |
| First Time appeared | | Utt; Utt hiper 1200gw |
| Weaknesses | | CWE-119; CWE-121 |
| CPEs | | cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:* |
| Vendors & Products | | Utt; Utt hiper 1200gw |
| References | | |
| Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-02T13:11:20.152Z

Reserved: 2026-05-31T17:47:49.156Z

Link: CVE-2026-10293

Vulnrichment

Updated: 2026-06-02T13:11:14.956Z

NVD

Status: Deferred

Published: 2026-06-01T22:16:24.493

Modified: 2026-06-02T13:03:31.153

Link: CVE-2026-10293

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T04:15:05Z

Weaknesses