Description
A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-04-30
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is caused by an unchecked strcpy in the formRemoteControl endpoint of the UTT HiPER 1200GW device. This oversight permits a buffer overflow when remote data is accepted, potentially enabling an attacker to execute arbitrary code or otherwise compromise the device’s confidentiality, integrity, or availability. The flaw is a classic example of the unchecked string copy weakness identified by CWE‑119 and the resulting buffer overflow identified by CWE‑120.
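
The weakness class described above, as an added example that is not the device's firmware or any vendor code: a hypothetical handler that copies a request value into a fixed-size buffer with strcpy, next to a version that checks the length first. The function names, the `remote_cfg` structure and the `REMOTE_FIELD_MAX` size are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical size of the handler's destination buffer (assumption). */
#define REMOTE_FIELD_MAX 32

/* Illustrative settings structure; not taken from the firmware. */
struct remote_cfg {
    char field[REMOTE_FIELD_MAX];
    int  enabled;   /* adjacent data that an overflow would corrupt */
};

/* Unsafe pattern (CWE-120): strcpy() copies until the source's NUL byte,
 * regardless of how large the destination is. Shown for contrast only. */
void set_field_unchecked(struct remote_cfg *cfg, const char *value)
{
    strcpy(cfg->field, value);
}

/* Hardened pattern: measure the input against the destination size and
 * reject anything that does not fit, instead of silently truncating.
 * Returns 0 on success, -1 if the input is missing or too long. */
int set_field_checked(struct remote_cfg *cfg, const char *value)
{
    const char *nul;
    size_t len;

    if (cfg == NULL || value == NULL)
        return -1;

    /* memchr() stops at the first NUL and never scans past the
     * destination size, so an oversized input is detected early. */
    nul = memchr(value, '\0', sizeof cfg->field);
    if (nul == NULL)
        return -1;              /* value plus its NUL does not fit */

    len = (size_t)(nul - value);
    memcpy(cfg->field, value, len + 1);   /* +1 copies the NUL too */
    return 0;
}
```

Rejecting over-length input, rather than truncating it, keeps the stored value identical to what the caller sent or leaves the previous value untouched.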

Affected Systems

UTT HiPER 1200GW devices running firmware versions up to 2.5.3‑170306 are impacted. The flaw exists in the GoForm web interface, specifically the /goform/formRemoteControl handler.

Risk and Exploitability

The CVSS score of 8.7 denotes a high severity vulnerability, and the lack of an EPSS rating means current exploitation probability cannot be quantified but it remains possible. The flaw is exploitable remotely from any network that can reach the device, making it a significant risk for exposed devices. Because the vulnerability is not listed in CISA’s KEV catalog, no known publicly documented exploits have been recorded yet, but the nature of the attack vector suggests that an interested actor could craft a malicious HTTP request to trigger the overflow.

Generated by OpenCVE AI on May 2, 2026 at 00:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update for the UTT HiPER 1200GW device that addresses the strcpy buffer overflow in /goform/formRemoteControl.
  • If an update is not immediately available, restrict external access to the /goform/formRemoteControl endpoint by configuring firewall rules or applying IP‑based access controls to limit reach to trusted internal networks only.
  • Disable or remove the remote‑control functionality from the device’s configuration to eliminate the vulnerable API endpoint until a patch can be applied.


Advisories

No advisories yet.

History

Fri, 01 May 2026 01:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Utt; Utt hiper 1200gw

Type: Vendors & Products
Values Removed: (none)
Values Added: Utt; Utt hiper 1200gw

Fri, 01 May 2026 00:00:00 +0000

Type: Description
Values Removed: (none)
Values Added: A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Type: Title
Values Removed: (none)
Values Added: UTT HiPER 1200GW formRemoteControl strcpy buffer overflow

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-119; CWE-120

Type: References

Type: Metrics
Values Removed: (none)
Values Added:

cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-30T23:45:10.007Z

Reserved: 2026-04-30T15:29:13.616Z

Link: CVE-2026-7513

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-01T00:16:25.443

Modified: 2026-05-01T15:26:24.553

Link: CVE-2026-7513

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T00:15:06Z
