Description
A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase_5g of the component Web Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-07-05
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stack‑based buffer overflow exists in the UTT HiPER 1250GW web endpoint /goform/ConfigWirelessBase_5g. Manipulating the ssid argument can overwrite the stack and potentially allow an attacker to execute arbitrary code. This flaw breaks confidentiality, integrity, and availability by permitting remote code execution on the device.

Affected Systems

UTT HiPER 1250GW radios with firmware versions up to 3.2.7‑210907-180535 are affected. All models running these or earlier firmware are susceptible to the vulnerability.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.7, indicating high severity. EPSS information is not available, and the issue is not listed in CISA’s KEV catalog, but a public exploit has been disclosed and is actively available. Because the attack can be performed remotely via the web interface, the risk to exposed devices is significant.

Generated by OpenCVE AI on July 5, 2026 at 15:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the UTT HiPER 1250GW firmware to a release newer than 3.2.7‑210907-180535 to eliminate the vulnerable code path.
  • If a patch is not immediately available, restrict external access to the /goform/ConfigWirelessBase_5g endpoint by firewall or device ACL rules, ensuring only trusted management networks can reach it.
  • Disable or limit the SSID parameter in the web interface by reconfiguring or temporarily removing the endpoint to prevent exploitation until a patch is applied.

Generated by OpenCVE AI on July 5, 2026 at 15:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 05 Jul 2026 08:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects an unknown function of the file /goform/ConfigWirelessBase_5g of the component Web Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Title UTT HiPER 1250GW Web Endpoint ConfigWirelessBase_5g stack-based overflow
First Time appeared Utt
Utt hiper 1250gw
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:*
Vendors & Products Utt
Utt hiper 1250gw
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


Subscriptions

Utt Hiper 1250gw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-07-05T07:15:06.452Z

Reserved: 2026-07-04T07:58:44.620Z

Link: CVE-2026-14721

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-05T15:45:03Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow