CVE-2026-4318 - Vulnerability Details

- UTT HiPER 810G formApLbConfig strcpy buffer overflow

Description

A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Published: 2026-03-17

Score: 8.7 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A buffer overflow exists in the strcpy function within the /goform/formApLbConfig handler of UTT HiPER 810G. By manipulating the loadBalanceNameOld argument, a remote attacker can overflow a buffer, potentially leading to memory corruption. The vulnerability is identified as CWE-119 (Buffer Overflow) and CWE-120 (Buffer-Related Error). If successfully exploited, the attacker could gain arbitrary code execution or crash the device, impacting confidentiality, integrity, and availability of the network equipment.

Affected Systems

All UTT HiPER 810G devices running firmware versions up to and including 1.7.7‑171114 are affected. No specific sub‑models or later releases are listed as impacted.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. The exploit is publicly disclosed and can be initiated remotely through the formApLbConfig endpoint. While the EPSS score is not available and the vulnerability is not in the CISA KEV catalog, the remote nature and lack of mitigation make it likely to be targeted. Exploit conditions require the ability to send crafted input to the loadBalanceNameOld parameter.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

UTT

HiPER 810G

affected

Version	Status	Constraints
`1.7.7-171114`	affected	—

No data.

Vendor Product Confidence Versions

Utt

Hiper 810g

100%

Version	Status	Scheme	Platform
`1.7.7-171114`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check for and apply any available security patches or firmware updates for UTT HiPER 810G from the vendor
If no patch is available, restrict external access to the /goform/formApLbConfig endpoint, for example by firewall rules or by placing the device behind a trusted network segment
Enable logging on the device to capture unusual requests to loadBalanceNameOld and monitor for signs of exploitation
Consider temporarily disabling load balancing configuration via administrative settings until a patch is applied
Verify the integrity of device configuration after any changes and conduct a vulnerability scan to confirm remediation

Generated by OpenCVE AI on March 17, 2026 at 16:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00046.

Exploitation poc

Automatable no

Technical Impact total

References

Link	Providers
https://github.com/xiaoheshang404/cve/issues/1#issue-4026284809
https://vuldb.com/?ctiid.351362
https://vuldb.com/?id.351362
https://vuldb.com/?submit.772659

History

Wed, 18 Mar 2026 12:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Utt Utt hiper 810g
Vendors & Products		Utt Utt hiper 810g

Tue, 17 Mar 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 17 Mar 2026 15:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Title		UTT HiPER 810G formApLbConfig strcpy buffer overflow
Weaknesses		CWE-119 CWE-120
References		https://github.com/xiaoheshang404/cve/issues/1#issue-4026284809 https://vuldb.com/?ctiid.351362 https://vuldb.com/?id.351362 https://vuldb.com/?submit.772659
Metrics		cvssV2_0 `{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Utt Hiper 810g

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-03-17T15:02:10.145Z

Updated: 2026-03-17T15:15:34.047Z

Reserved: 2026-03-17T10:23:59.177Z

Link: CVE-2026-4318

Vulnrichment

Updated: 2026-03-17T15:15:13.755Z

NVD

Status : Awaiting Analysis

Published: 2026-03-17T15:16:19.650

Modified: 2026-03-18T14:52:44.227

Link: CVE-2026-4318

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:49:15Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation poc

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object