Description
A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2026-06-08
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the strcpy function used by the /goform/formConfigDnsFilterGlobal endpoint of UTT HiPER 2610G. Manipulating the GroupName argument causes a buffer overflow, which can overwrite memory and give an attacker control over program execution. The violation is a classic stack-based buffer overflow that could be leveraged to execute arbitrary code in the device's firmware, compromising confidentiality, integrity and availability of the gateway.

Affected Systems

The flaw impacts UTT HiPER 2610G devices running firmware versions up to and including 3.0.0-171107. Only this product family is listed as affected and no newer versions are confirmed to be large enough to mitigate the issue within the provided data.

Risk and Exploitability

The CVSS score is 8.7, indicating high severity. An EPSS score is not available, so the current likelihood of exploitation is unknown; however, the vulnerability can be triggered remotely via standard HTTP form requests, and public exploits have already been disclosed. The issue is not listed in CISA KEV, but its nature suggests that attackers could target vulnerable routers in the network without requiring local access.

Generated by OpenCVE AI on June 8, 2026 at 15:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the router firmware to a version that removes the vulnerable strcpy usage, ensuring it is newer than 3.0.0-171107.
  • If a patch is not immediately available, disable or block the /goform/formConfigDnsFilterGlobal endpoint through the device’s firewall or access control settings.
  • Monitor device logs for abnormal requests to the GroupName parameter and watch for signs of memory corruption or crashes.

Generated by OpenCVE AI on June 8, 2026 at 15:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Title UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow
First Time appeared Utt
Utt hiper 2610g
Weaknesses CWE-119
CWE-120
CPEs cpe:2.3:a:utt:hiper_2610g:*:*:*:*:*:*:*:*
Vendors & Products Utt
Utt hiper 2610g
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Utt Hiper 2610g
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T13:15:09.750Z

Reserved: 2026-06-07T15:57:26.282Z

Link: CVE-2026-11517

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T15:16:43.233

Modified: 2026-06-08T15:16:43.233

Link: CVE-2026-11517

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T15:30:27Z

Weaknesses