CVE-2026-1162 - Vulnerability Details

- UTT HiPER 810 setSysAdm strcpy buffer overflow

Description

A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. This manipulation of the argument passwd1 causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Published: 2026-01-19

Score: 9.3 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A buffer overflow exists in the strcpy function of the /goform/setSysAdm page of UTT HiPER 810 firmware 1.7.4‑141218. The vulnerability allows an attacker to manipulate the passwd1 argument, causing a buffer overrun that can result in arbitrary code execution. Remote exploitation is feasible and exploitation code has already been published. The assigned CVSS score of 9.3 indicates a critical level of risk for confidentiality, integrity, and availability.

Affected Systems

The flaw affects UTT’s HiPER 810 series, specifically firmware version 1.7.4‑141218. Any device running this firmware and exposing the /goform/setSysAdm interface is susceptible; other firmware releases and hardware models are not known to be impacted.

Risk and Exploitability

The CVSS base score of 9.3 signals a severe risk, while the EPSS score of <1% suggests the likelihood of exploitation is currently low. Nevertheless, an exploit has been publicly demonstrated and the vulnerability is not yet listed in the KEV catalog, meaning no public mitigation guidance from that source exists. The attack vector is remote over the network, typically via HTTP requests to the affected endpoint, and does not require local access. Once the overflow is triggered, an attacker gains unrestricted control over the device’s operating system.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

UTT

HiPER 810

affected

Version	Status	Constraints
`1.7.4-141218`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:utt:810_firmware:1.7.4-141218:*:*:*:*:*:*:*

cpe:2.3:h:utt:810:-:*:*:*:*:*:*:*

No data.

Vendor	Product	Confidence	Versions
Utt	Hiper 810	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the HiPER 810 firmware to a version that patches the strcpy buffer overflow in the /goform/setSysAdm handler.
If a firmware update is unavailable, block or restrict remote access to the /goform/setSysAdm endpoint using firewall rules or access control lists.
Segment the network to isolate the device from untrusted traffic and monitor for anomalous HTTP activity targeting the /goform/setSysAdm page.

Generated by OpenCVE AI on April 18, 2026 at 05:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00148.

Exploitation poc

Automatable yes

Technical Impact total

References

Link	Providers
https://github.com/cha0yang1/UTT810/blob/main/1.md
https://github.com/cha0yang1/UTT810/blob/main/1.md#poc
https://vuldb.com/?ctiid.341756
https://vuldb.com/?id.341756
https://vuldb.com/?submit.736511

History

Fri, 06 Feb 2026 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Utt 810 Utt 810 Firmware
CPEs		cpe:2.3:h:utt:810:-:::::::* cpe:2.3:o:utt:810_firmware:1.7.4-141218:::::::*
Vendors & Products		Utt 810 Utt 810 Firmware

Tue, 20 Jan 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 20 Jan 2026 08:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Utt Utt hiper 810
Vendors & Products		Utt Utt hiper 810

Mon, 19 Jan 2026 16:45:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. This manipulation of the argument passwd1 causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Title		UTT HiPER 810 setSysAdm strcpy buffer overflow
Weaknesses		CWE-119 CWE-120
References		https://github.com/cha0yang1/UTT810/blob/main/1.md https://github.com/cha0yang1/UTT810/blob/main/1.md#poc https://vuldb.com/?ctiid.341756 https://vuldb.com/?id.341756 https://vuldb.com/?submit.736511
Metrics		cvssV2_0 `{'score': 10, 'vector': 'AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 9.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Utt 810 810 Firmware Hiper 810

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-01-19T16:32:06.149Z

Updated: 2026-02-23T08:47:39.436Z

Reserved: 2026-01-18T20:34:32.193Z

Link: CVE-2026-1162

Vulnrichment

Updated: 2026-01-20T21:34:05.955Z

NVD

Status : Analyzed

Published: 2026-01-19T17:15:50.087

Modified: 2026-02-06T19:18:18.280

Link: CVE-2026-1162

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T05:15:15Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object