CVE-2026-2980 - Vulnerability Details

- UTT HiPER 810G setSysAdm strcpy buffer overflow

Description

A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Published: 2026-02-23

Score: 8.6 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability is a stack-based buffer overflow triggered by an overly long "passwd1" argument sent to the /goform/setSysAdm function in UTT HiPER 810G firmware. The use of the unsafe strcpy function in this code path can overwrite adjacent memory, potentially leading to arbitrary code execution. This flaw is numbered CWE-119 (Improper Restriction of Operations within the Bounds of a Buffer) and CWE-120 (Classic Buffer Overflow).

Affected Systems

Device owners of UTT HiPER 810G units running firmware versions up to and including 1.7.7-1711 are affected. The vulnerability exists in the device’s web interface and is manifested through the admin configuration page.

Risk and Exploitability

The CVSS base score of 8.6 classifies this flaw as high severity, and the EPSS score of less than 1% indicates a small current exploitation probability, though the flaw is publicly disclosed and could be used. The vulnerability is not listed in the CISA KEV catalogue. Attack is initiated remotely via an HTTP request to /goform/setSysAdm, so any external network reach to the device could allow exploitation.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

UTT

HiPER 810G

affected

Version	Status	Constraints
`1.7.7-1711`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:utt:810g_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:utt:810g:3.0:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Utt

Hiper 810g

100%

Version	Status	Scheme	Platform
`1.7.7-1711`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the device firmware to a release newer than 1.7.7-1711 that addresses the buffer overflow.
If a firmware update cannot be applied immediately, restrict external access to the /goform/setSysAdm endpoint or the device’s administrative interface using local firewalls or access control lists.
Apply network segmentation or firewall rules to limit remote reach to the HiPER 810G unit until the patch is deployed.

Generated by OpenCVE AI on April 17, 2026 at 16:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00051.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/7wkajk/CVE-VUL/blob/main/4.md
https://github.com/7wkajk/CVE-VUL/blob/main/4.md#poc
https://vuldb.com/?ctiid.347364
https://vuldb.com/?id.347364
https://vuldb.com/?submit.756130

History

Tue, 24 Feb 2026 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Utt 810g Utt 810g Firmware
CPEs		cpe:2.3:h:utt:810g:3.0:::::::* cpe:2.3:o:utt:810g_firmware::::::::
Vendors & Products		Utt 810g Utt 810g Firmware

Mon, 23 Feb 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Utt Utt hiper 810g
Vendors & Products		Utt Utt hiper 810g

Mon, 23 Feb 2026 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 23 Feb 2026 08:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title		UTT HiPER 810G setSysAdm strcpy buffer overflow
Weaknesses		CWE-119 CWE-120
References		https://github.com/7wkajk/CVE-VUL/blob/main/4.md https://github.com/7wkajk/CVE-VUL/blob/main/4.md#poc https://vuldb.com/?ctiid.347364 https://vuldb.com/?id.347364 https://vuldb.com/?submit.756130
Metrics		cvssV2_0 `{'score': 8.3, 'vector': 'AV:N/AC:L/Au:M/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.2, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Utt 810g 810g Firmware Hiper 810g

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-02-23T08:32:07.129Z

Updated: 2026-02-23T12:48:26.819Z

Reserved: 2026-02-22T16:17:20.503Z

Link: CVE-2026-2980

Vulnrichment

Updated: 2026-02-23T12:48:20.269Z

NVD

Status : Analyzed

Published: 2026-02-23T09:17:01.647

Modified: 2026-02-24T20:04:10.060

Link: CVE-2026-2980

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T16:30:05Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object