Description
UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published: 2026-04-06
Score: 4.5 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service via buffer overflow
Action: Apply Firmware Update
AI Analysis

Impact

A buffer overflow exists in the pools parameter of the formArpBindConfig function of UTT Aggressive HiPER 1200GW firmware v2.5.3-170306. The overflow allows an attacker to send crafted input that corrupts memory, causing the device to crash and become unavailable. The vulnerability does not enable code execution or data theft; its primary consequence is service disruption.

Affected Systems

The affected devices are UTT Aggressive HiPER 1200GW routers running firmware version 2.5.3-170306. No other products or firmware revisions are listed in the advisory, so the impact is limited to this specific model and revision.

Risk and Exploitability

The CVSS score is not specified, and the EPSS score is unavailable. The vulnerability has not been reported in the CISA Known Exploited Vulnerabilities catalog. Exploitation likely requires the ability to send a specially crafted payload to the formArpBindConfig interface, which may be accessible locally or from the external network if the device exposes this functionality. An attacker who can reach the interface can trigger a crash, resulting in a denial of service. No persistence, data exfiltration, or lateral movement is described, but repeated attacks could degrade network reliability.

Generated by OpenCVE AI on April 6, 2026 at 17:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an updated firmware release that corrects the formArpBindConfig buffer overflow.
  • If no update is available, limit or block access to the formArpBindConfig interface to trusted administrative devices.
  • Monitor device logs for recurring failures or crash events indicative of attempted exploitation.
  • Implement network segmentation to isolate the device from potentially malicious hosts.



Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Buffer Overflow in formArpBindConfig Causes DoS on UTT Aggressive HiPER 1200GW |
| First Time appeared | | Utt; Utt hiper 1200gw |
| Weaknesses | | CWE-120; CWE-122; CWE-787 |
| Vendors & Products | | Utt; Utt hiper 1200gw |
| Metrics | | cvssV3_1: {'score': 4.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 06 Apr 2026 15:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. |
| References | | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T19:53:14.500Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31063

Vulnrichment

Updated: 2026-04-06T19:52:49.290Z

NVD

Status: Received

Published: 2026-04-06T15:17:08.953

Modified: 2026-04-06T20:16:22.887

Link: CVE-2026-31063

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:47:53Z

Weaknesses