Description
A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument except leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Published: 2026-02-23
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability exists in UTT HiPER 810G firmware versions up to 1.7.7‑171114 in the strcpy routine that processes the /goform/formP2PLimitConfig request. An attacker can send a specially crafted string that overflows the buffer, leading to arbitrary code execution in the device’s firmware. The flaw is a classic stack-based buffer overflow (CWE‑119/CWE‑120).

Affected Systems

Systems running UTT HiPER 810G firmware up to version 1.7.7‑171114 are susceptible. The affected component resides at cpe:2.3:h:utt:810g:3.0:* and the firmware CPE cpe:2.3:o:utt:810g_firmware:*.

Risk and Exploitability

With a CVSS base score of 8.7, the vulnerability is classified as high. EPSS indicates a low exploitation probability (< 1 %), yet an exploit is publicly available and the attack can be launched remotely via the web interface. The weakness allows remote attackers to overwrite memory and execute arbitrary code. It is not currently listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 17, 2026 at 16:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to a version that contains the fix for the strcpy buffer overflow.
  • Limit remote access to the device’s management interface, or block the /goform/formP2PLimitConfig endpoint for unauthorized users.
  • Enable logging and monitor for abnormal request lengths or repeated attempts to trigger the buffer overflow, and block offending IPs.

Advisories

No advisories yet.

History

Tue, 24 Feb 2026 21:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Utt 810g; Utt 810g Firmware
CPEs | | cpe:2.3:h:utt:810g:3.0:*:*:*:*:*:*:*; cpe:2.3:o:utt:810g_firmware:*:*:*:*:*:*:*:*
Vendors & Products | | Utt 810g; Utt 810g Firmware

Tue, 24 Feb 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Utt; Utt hiper 810g
Vendors & Products | | Utt; Utt hiper 810g

Mon, 23 Feb 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 23 Feb 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument except leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Title | | UTT HiPER 810G formP2PLimitConfig strcpy buffer overflow
Weaknesses | | CWE-119; CWE-120
References | |
Metrics | | cvssV2_0: {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T15:38:52.078Z

Reserved: 2026-02-23T09:30:55.376Z

Link: CVE-2026-3016

Vulnrichment

Updated: 2026-02-23T15:38:44.189Z

NVD

Status: Analyzed

Published: 2026-02-23T16:29:38.170

Modified: 2026-02-24T21:40:07.930

Link: CVE-2026-3016

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T16:30:05Z

Weaknesses