A buffer overflow exists in the timeRangeName field processed by the formConfigDnsFilterGlobal function of UTT Aggressive HiPER 1200GW. The overflow can be triggered by a character string that exceeds the allocated buffer size, allowing an attacker to send a malicious input that corrupts memory and eventually causes the device to crash or become unreachable. The vulnerability leads to loss of availability but does not directly expose confidential data or alter device configuration. The weakness is identified as a classic uncontrolled buffer overrun.

The flaw affects UTT Aggressive HiPER 1200GW firmware versions up to and including 2.5.3-170306. No newer firmware versions are listed in the source, so devices running that revision or earlier should be considered vulnerable. The product is sold by UTT and appears in the Common Platform Enumeration as an industrial networking device.

The CVSS score of 4.5 indicates a moderate impact, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, which further reduces the likelihood of widespread active attacks. Nonetheless, the attack vector is inferred to require remote access to the device’s configuration interface, as the buffer overflow is triggered by a crafted input supplied through the timeRangeName parameter. If an attacker can remotely provide this input, they could disrupt service for any user depending on the device.