Description
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-04-05
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Stack-based buffer overflow via the /goform/formRemoteControl endpoint
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow triggered by manipulating the Profile argument sent to the /goform/formRemoteControl endpoint on UTT HiPER 1250GW devices. The CVE notes that the attack can be executed remotely and that an exploit has been released to the public. The description does not state the end result; a buffer overflow of this nature can potentially lead to arbitrary code execution or other memory corruption effects, though that outcome is an inference based on the type of flaw.

Affected Systems

UTT HiPER 1250GW firmware versions up to and including 3.2.7-210907-180535 are affected. The CVE does not list newer releases, so devices running any firmware equal to or older than this version remain vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity. An exploit is publicly available, which increases the likelihood of an attack occurring. No EPSS score is provided and the vulnerability is not listed in KEV, but given the remote nature of the attack vector and the known exploit, the risk to affected systems is significant. The attack can be performed remotely without authentication through the web interface, making it accessible to a wide range of adversaries.

Generated by OpenCVE AI on April 5, 2026 at 08:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade UTT HiPER 1250GW firmware to a version newer than 3.2.7-210907-180535
  • If an immediate upgrade is not possible, restrict external access to the /goform/formRemoteControl endpoint by implementing firewall rules or network segmentation
  • Monitor web traffic for unexpected POST requests to /goform/formRemoteControl and investigate suspicious activity promptly
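
One way to carry out the monitoring step, as an added example that is not part of the CVE record or any vendor tooling: it scans access-log lines in Combined Log Format for POST requests to the endpoint from outside the management network. The log format, the management subnet and the sample lines are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter
from posixpath import normpath
from urllib.parse import unquote

ENDPOINT = "/goform/formremotecontrol"  # path named in the CVE, lowercased
MGMT_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # assumption: admin hosts

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def canonical_path(target):
    """Drop the query, percent-decode, collapse '//' and '.', lowercase."""
    path = unquote(target.split("?", 1)[0])
    return normpath("/" + path.lstrip("/")).lower()

def is_mgmt(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:  # hostname or garbage: not provably a management host
        return False
    return any(ip in net for net in MGMT_NETS)

def suspicious_posts(lines):
    """Return (findings, hits per source) for non-management POSTs."""
    findings, per_source = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if canonical_path(m["target"]) != ENDPOINT or is_mgmt(m["ip"]):
            continue
        per_source[m["ip"]] += 1
        findings.append((m["ts"], m["ip"], m["target"], int(m["status"])))
    return findings, per_source

SAMPLE_LOG = [  # constructed lines using documentation address ranges
    '192.0.2.5 - admin [05/Apr/2026:09:00:01 +0000] "POST /goform/formRemoteControl HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.77 - - [05/Apr/2026:09:14:22 +0000] "POST /goform/formRemoteControl HTTP/1.1" 200 0 "-" "python-requests/2.31"',
    '203.0.113.77 - - [05/Apr/2026:09:14:25 +0000] "POST /goform//formremotecontrol?x=1 HTTP/1.1" 500 0 "-" "python-requests/2.31"',
    '198.51.100.9 - - [05/Apr/2026:09:20:00 +0000] "GET /goform/formRemoteControl HTTP/1.1" 200 845 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [05/Apr/2026:09:21:10 +0000] "POST /goform/%66ormRemoteControl HTTP/1.1" 200 0 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    print(suspicious_posts(SAMPLE_LOG))
```

Combined Log Format does not record the request body, so the length of the Profile argument is not visible to this check; it only narrows down which requests to investigate.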

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 07:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Apr 2026 00:00:00 +0000

Type: First Time appeared
Values Added: Utt; Utt hiper 1250gw

Type: Vendors & Products
Values Added: Utt; Utt hiper 1250gw

Sun, 05 Apr 2026 05:45:00 +0000

Type: Description
Values Added: A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Type: Title
Values Added: UTT HiPER 1250GW formRemoteControl stack-based overflow

Type: Weaknesses
Values Added: CWE-119; CWE-121

Type: References

Type: Metrics
Values Added:
cvssV2_0 {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
cvssV3_0 {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-07T02:40:54.277Z

Reserved: 2026-04-04T06:56:52.200Z

Link: CVE-2026-5544

Vulnrichment

Updated: 2026-04-07T02:40:49.345Z

NVD

Status: Deferred

Published: 2026-04-05T06:16:01.760

Modified: 2026-04-24T18:14:34.620

Link: CVE-2026-5544

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:57:09Z

Weaknesses