Description
A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
Published: 2026-02-23
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

Buffer overflow in the strcpy call of the /goform/formTaskEdit_ap endpoint allows an attacker to send an overly long txtMin2 argument, causing the stack to be corrupted and potentially enabling arbitrary code execution on the UTT HiPER 810G device.

Affected Systems

UTT HiPER 810G firmware versions up to and including 1.7.7-1711 are affected. No other firmware releases are listed as vulnerable.

Risk and Exploitability

The CVSS score of 8.7 classifies the vulnerability as high severity, while the EPSS score of less than 1% indicates that exploitation is unlikely but not impossible at present. The vulnerability is not yet listed in the CISA KEV catalog, but a public exploit exists. Attackers do not need special credentials to reach the vulnerable endpoint, making the flaw attractive for remote exploitation.

Generated by OpenCVE AI on April 18, 2026 at 11:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to a version newer than 1.7.7-1711 where the strcpy vulnerability has been fixed.
  • Restrict or isolate the web management interface so that only trusted networks or VPN connections can reach /goform/formTaskEdit_ap.
  • Until a patch is available, block or disable access to the formTaskEdit_ap endpoint on the device or enforce strict input length checks on the txtMin2 parameter.

Generated by OpenCVE AI on April 18, 2026 at 11:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Feb 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Utt 810g
Utt 810g Firmware
CPEs cpe:2.3:h:utt:810g:3.0:*:*:*:*:*:*:*
cpe:2.3:o:utt:810g_firmware:*:*:*:*:*:*:*:*
Vendors & Products Utt 810g
Utt 810g Firmware

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Utt
Utt hiper 810g
Vendors & Products Utt
Utt hiper 810g

Mon, 23 Feb 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 09:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
Title UTT HiPER 810G formTaskEdit_ap strcpy buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Utt 810g 810g Firmware Hiper 810g
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T12:46:56.460Z

Reserved: 2026-02-22T16:17:24.736Z

Link: CVE-2026-2981

cve-icon Vulnrichment

Updated: 2026-02-23T12:46:50.848Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-23T09:17:01.877

Modified: 2026-02-24T20:02:48.553

Link: CVE-2026-2981

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T11:15:35Z

Weaknesses