Description
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of the formConfigDnsFilterGlobal function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published: 2026-04-06
Score: 4.5 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

A buffer overflow exists in the timeRangeName parameter of the formConfigDnsFilterGlobal function in the UTT Aggressive HiPER 1200GW firmware. The overflow allows malicious input to corrupt the program’s memory and crash the service, resulting in a denial of service of the device or network function. The weakness is a classic buffer overflow that can be triggered by crafting oversized or specially structured input values.

Affected Systems

The vulnerability affects UTT Aggressive HiPER 1200GW model version v2.5.3‑170306. Devices running this firmware version are susceptible to the overflow via the timeRangeName field of the DNS filter configuration form.

Risk and Exploitability

The CVSS score is not provided, and no EPSS value or KEV listing is available. Nevertheless, the vulnerability permits remote exploitation by supplying an oversized timeRangeName string, likely over the device’s web or API interface. Successful exploitation results in a service crash and loss of availability. Given that the flaw is a clear buffer overflow, the potential impact is high for systems where uptime is critical. Attacks would require network access to the device’s management interface and the ability to send crafted configuration requests.

Generated by OpenCVE AI on April 6, 2026 at 17:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the UTT Aggressive HiPER 1200GW firmware to a version that resolves the buffer overflow.
  • If an update is not yet available, limit the length of the timeRangeName field or apply input validation at the web interface to prevent excessively large values.
  • Apply firewall or network segmentation rules that restrict unauthorized management access to the device.
  • Monitor device logs for crashes or abnormal restarts and respond promptly.

Generated by OpenCVE AI on April 6, 2026 at 17:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in timeRangeName Parameter Leading to Denial of Service in UTT Aggressive HiPER 1200GW v2.5.3-170306
First Time appeared Utt
Utt hiper 1200gw
Weaknesses CWE-119
CWE-120
CWE-121
Vendors & Products Utt
Utt hiper 1200gw
Metrics cvssV3_1

{'score': 4.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of the formConfigDnsFilterGlobal function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
References

Subscriptions

Utt Hiper 1200gw
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T19:44:56.292Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31058

cve-icon Vulnrichment

Updated: 2026-04-06T19:44:42.439Z

cve-icon NVD

Status : Received

Published: 2026-04-06T15:17:08.090

Modified: 2026-04-06T20:16:22.200

Link: CVE-2026-31058

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-06T21:47:59Z

Weaknesses