Description
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published: 2026-04-06
Score: 4.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

A buffer overflow exists in the pools parameter of the formArpBindConfig function on the UTT Aggressive HiPER 1200GW router firmware v2.5.3‑170306, enabling attackers to trigger a DoS through crafted input. This flaw corresponds to CWE‑120 and can be exploited by sending malformed data that overflows the buffer, causing the device to become unresponsive.

Affected Systems

The vulnerable product is the UTT Aggressive HiPER 1200GW router (model 1200GW) running firmware version 2.5.3‑170306. The CPE entries indicate a hardware device and its firmware. No other affected versions are listed.

Risk and Exploitability

The CVSS score of 4.5 indicates moderate risk and the EPSS score of less than 1% suggests a low probability of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is through the device’s management or configuration interface, where an attacker sends a specially crafted payload to the formArpBindConfig function.

Generated by OpenCVE AI on April 10, 2026 at 19:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the UTT Aggressive HiPER 1200GW firmware to a version that resolves the buffer overflow
  • If a firmware update is unavailable, restrict access to the device’s management interface to trusted networks only
  • Monitor the device for repeated failures or restarts that may indicate attempted exploitation
  • Verify device stability after applying the update or implementing temporary restrictions

Generated by OpenCVE AI on April 10, 2026 at 19:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in formArpBindConfig Causing Device Denial of Service

Fri, 10 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Utt 1200gw
Utt 1200gw Firmware
CPEs cpe:2.3:h:utt:1200gw:-:*:*:*:*:*:*:*
cpe:2.3:o:utt:1200gw_firmware:*:*:*:*:*:*:*:*
Vendors & Products Utt 1200gw
Utt 1200gw Firmware

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in formArpBindConfig Causing Device Denial of Service

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in formArpBindConfig Causes DoS on UTT Aggressive HiPER 1200GW
Weaknesses CWE-122
CWE-787

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in formArpBindConfig Causes DoS on UTT Aggressive HiPER 1200GW
First Time appeared Utt
Utt hiper 1200gw
Weaknesses CWE-120
CWE-122
CWE-787
Vendors & Products Utt
Utt hiper 1200gw
Metrics cvssV3_1

{'score': 4.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
References

Subscriptions

Utt 1200gw 1200gw Firmware Hiper 1200gw
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T19:53:14.500Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31063

cve-icon Vulnrichment

Updated: 2026-04-06T19:52:49.290Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-06T15:17:08.953

Modified: 2026-04-10T18:19:19.773

Link: CVE-2026-31063

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:27:52Z

Weaknesses