Description
A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Published: 2026-05-27
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in UTT HiPER 1250GW's Web Management Interface leads to a stack‑based buffer overflow when the "Profile" parameter is processed by the strcpy function in /goform/formGroupConfig. This overflow can be triggered remotely, enabling an attacker to potentially execute arbitrary code on the device. The vulnerability is classified under CWE‑119 and CWE‑121, indicating unchecked buffer copying and stack overflow exploits.

Affected Systems

The affected product is UTT HiPER 1250GW, firmware versions up to 3.2.7‑210907‑180535. The flaw exists in the Web Management Interface component. Anyone using versions prior to this release is susceptible.

Risk and Exploitability

With a CVSS score of 8.7, the vulnerability is considered high severity. Although no EPSS score is available, the published exploit suggests that exploitation is feasible over the network. The vulnerability is not listed in CISA’s KEV catalog, but the fact that the exploit has already been released indicates that attackers could target affected devices if the Web Management Interface is accessible from the internet or an untrusted network.

Generated by OpenCVE AI on May 27, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device firmware to the latest version that removes the buffer overflow bug.
  • If an upgrade is not immediately possible, restrict external access to the Web Management Interface by placing the device behind a firewall and allowing connections only from trusted IP ranges.
  • As a temporary measure, disable the Web Management Interface on the device if remote configuration is not required.
  • Monitor device logs for attempts to access /goform/formGroupConfig or signs of buffer overflow exploitation.

Generated by OpenCVE AI on May 27, 2026 at 03:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 02:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Title UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow
First Time appeared Utt
Utt hiper 1250gw
Weaknesses CWE-119
CWE-121
CPEs cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:*
Vendors & Products Utt
Utt hiper 1250gw
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Utt Hiper 1250gw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-27T01:30:11.707Z

Reserved: 2026-05-26T17:49:19.767Z

Link: CVE-2026-9632

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-05-27T02:16:36.067

Modified: 2026-05-27T14:50:47.627

Link: CVE-2026-9632

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T03:30:06Z

Weaknesses