Description
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-04-29
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic buffer overflow in the strcpy function used to process the Profile field within the ConfigAdvideo component of the HiPER 1250GW firmware; this weakness can allow an attacker to corrupt memory and potentially execute arbitrary code, compromising the confidentiality, integrity, and availability of the device.

Affected Systems

UTT HiPER 1250GW devices with firmware versions up to and including 3.2.7-210907-180535 are affected; no other versions or hardware models were listed as vulnerable.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, and while an EPSS score is not available, the vulnerability is publicly available and can be exploited over the network, making the exploit highly likely and the risk significant. The vulnerability is not listed in the CISA KEV catalog at this time.

Generated by OpenCVE AI on April 30, 2026 at 03:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device firmware to a version newer than 3.2.7-210907-180535 that includes a fix for the ConfigAdvideo strcpy buffer overflow.
  • If an update is not immediately available, restrict remote access to the ConfigAdvideo interface by isolating the device on a separate VLAN or applying firewall rules to block the service from untrusted networks.
  • Monitor device logs for abnormal or repeated attempts to send unusually large Profile values, and investigate any suspicious activity promptly.

Generated by OpenCVE AI on April 30, 2026 at 03:40 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 29 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Utt
Utt hiper 1250gw
Vendors & Products Utt
Utt hiper 1250gw

Wed, 29 Apr 2026 22:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Title UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Utt Hiper 1250gw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-30T13:48:41.110Z

Reserved: 2026-04-29T14:14:39.456Z

Link: CVE-2026-7420

cve-icon Vulnrichment

Updated: 2026-04-30T13:48:22.669Z

cve-icon NVD

Status : Deferred

Published: 2026-04-29T23:16:20.193

Modified: 2026-04-30T14:52:54.847

Link: CVE-2026-7420

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T03:45:06Z

Weaknesses