Description
A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Published: 2026-04-30
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow caused by the unsafe use of strcpy in the /goform/formUser handler of UTT HiPER 1200GW firmware. An attacker can supply an excessively long input that overwrites adjacent memory, potentially enabling arbitrary code execution, a system crash, or other memory corruption effects. The primary impact is the compromise of the device’s confidentiality, integrity, and availability through unauthorized code execution.

Affected Systems

Devices running UTT HiPER 1200GW firmware versions up to 2.5.3-1703 are affected. The flaw resides in the web‑interface handler formUser; no later firmware revision is noted as solving the issue, so all earlier releases remain vulnerable.

Risk and Exploitability

The CVSS score of 8.7 reflects high severity. No EPSS value is available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote, because the weakness sits in a publicly exposed web endpoint, and exploit code has been published. An attacker can trigger the overflow with a crafted request to /goform/formUser, which can lead to remote code execution if the overflow is exploited successfully.

Generated by OpenCVE AI on May 1, 2026 at 04:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest UTT HiPER 1200GW firmware update that fixes the strcpy buffer overflow in the /goform/formUser endpoint.
  • Block remote access to the /goform/formUser endpoint using network perimeter controls until a patch is available.
  • Disable remote administration of the device through the formUser interface until the vulnerability is remediated.

Advisories

No advisories yet.

History

Fri, 01 May 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 May 2026 02:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Utt; Utt hiper 1200gw
Vendors & Products | | Utt; Utt hiper 1200gw

Fri, 01 May 2026 00:00:00 +0000

Type | Values Removed | Values Added
Description | | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Title | | UTT HiPER 1200GW formUser strcpy buffer overflow
Weaknesses | | CWE-119; CWE-120
References | |
Metrics | | cvssV2_0 {'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0 {'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-01T14:18:41.695Z

Reserved: 2026-04-30T15:29:10.203Z

Link: CVE-2026-7512

Vulnrichment

Updated: 2026-05-01T14:18:37.805Z

NVD

Status: Deferred

Published: 2026-05-01T00:16:25.257

Modified: 2026-05-01T15:26:24.553

Link: CVE-2026-7512

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T05:00:12Z

Weaknesses