CVE-2026-2935 - Vulnerability Details

- UTT HiPER 810G ConfigExceptMSN strcpy buffer overflow

Description

A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Published: 2026-02-22

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A buffer overflow vulnerability exists in the strcpy function used by the /goform/ConfigExceptMSN interface of the UTT HiPER 810G. The flaw arises when the remark argument is manipulated, allowing an attacker to exceed the buffer limits. This flaw corresponds to CWE‑119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE‑120 (Read/Write Buffer Overflows). If successfully exploited, an attacker can overwrite critical memory structures, potentially leading to arbitrary code execution or denial of service on the affected device.

Affected Systems

The vulnerability affects the UTT HiPER 810G up to firmware version 1.7.7‑171114. Software running on versions earlier than 1.7.8 is susceptible. This includes the specified firmware build and any downstream devices that use the same version or earlier revisions.

Risk and Exploitability

The CVSS score of 8.6 indicates high severity. Although the EPSS score is reported as less than 1%, a publicly available exploit has been disclosed, increasing practical risk. The vulnerability is not listed in CISA’s KEV catalog. Remote exploitation requires networking capabilities to the device and the ability to craft a remark payload. Successful exploitation could grant the attacker administrative control, data exfiltration, or disruption of the device’s intended function.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

UTT

HiPER 810G

affected

Version	Status	Constraints
`1.7.7-171114`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:utt:810g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:utt:810g:3.0:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Utt

Hiper 810g

100%

Version	Status	Scheme	Platform
`1.7.7-171114`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the HiPER 810G firmware to a version that resolves the strcpy buffer overflow, such as 1.7.8 or later.
If an update is not immediately possible, block or restrict remote access to the /goform/ConfigExceptMSN endpoint using network firewalls or device access controls.
Deploy runtime monitoring to detect abnormal input lengths or repeated access attempts to the remark field, and alert administrators of potential exploitation attempts.

Generated by OpenCVE AI on April 17, 2026 at 16:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00153.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/alc9700jmo/CVE/issues/23
https://vuldb.com/?ctiid.347297
https://vuldb.com/?id.347297
https://vuldb.com/?submit.755297

History

Wed, 25 Feb 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 24 Feb 2026 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Utt 810g Utt 810g Firmware
CPEs		cpe:2.3:h:utt:810g:3.0:::::::* cpe:2.3:o:utt:810g_firmware::::::::
Vendors & Products		Utt 810g Utt 810g Firmware

Mon, 23 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Utt Utt hiper 810g
Vendors & Products		Utt Utt hiper 810g

Sun, 22 Feb 2026 08:30:00 +0000

Type	Values Removed	Values Added
Description		A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Title		UTT HiPER 810G ConfigExceptMSN strcpy buffer overflow
Weaknesses		CWE-119 CWE-120
References		https://github.com/alc9700jmo/CVE/issues/23 https://vuldb.com/?ctiid.347297 https://vuldb.com/?id.347297 https://vuldb.com/?submit.755297
Metrics		cvssV2_0 `{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Utt 810g 810g Firmware Hiper 810g

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-22T08:02:11.025Z

Updated: 2026-02-25T18:32:41.478Z

Reserved: 2026-02-21T08:21:46.039Z

Link: CVE-2026-2935

Vulnrichment

Updated: 2026-02-25T18:32:35.159Z

NVD

Status : Analyzed

Published: 2026-02-22T09:16:11.403

Modified: 2026-02-24T17:17:49.393

Link: CVE-2026-2935

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T16:45:15Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object