Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
196 vulnerabilities by UTT
CVE-2026-11517 (GCVE-0-2026-11517)
Vulnerability from nvd – Published: 2026-06-08 13:15 – Updated: 2026-06-09 15:07
VLAI
Title
UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow
Summary
A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369137 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369137/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11517 | third-party-advisory |
| https://vuldb.com/submit/836278 | third-party-advisory |
| https://github.com/HungryGoogle/log_attack/tree/m… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 2610G |
Affected:
3.0.0-171107
cpe:2.3:a:utt:hiper_2610g:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11517",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:07:38.495027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:07:56.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/836278"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_2610g:*:*:*:*:*:*:*:*"
],
"product": "HiPER 2610G",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.0.0-171107"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liwenqing (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T13:15:09.750Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369137 | UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369137"
},
{
"name": "VDB-369137 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369137/cti"
},
{
"name": "CVE-2026-11517 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11517"
},
{
"name": "Submit #836278 | UTT HiPER 2610G \u003c=v3.0.0-171107 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836278"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/HungryGoogle/log_attack/tree/main/index3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T18:02:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11517",
"datePublished": "2026-06-08T13:15:09.750Z",
"dateReserved": "2026-06-07T15:57:26.282Z",
"dateUpdated": "2026-06-09T15:07:56.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11516 (GCVE-0-2026-11516)
Vulnerability from nvd – Published: 2026-06-08 13:00 – Updated: 2026-06-08 15:35
VLAI
Title
UTT HiPER 2610G formNatStaticMap strcpy buffer overflow
Summary
A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in buffer overflow. The exploit has been made public and could be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369136 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369136/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11516 | third-party-advisory |
| https://vuldb.com/submit/836275 | third-party-advisory |
| https://github.com/HungryGoogle/log_attack/tree/m… | exploit |
| https://github.com/HungryGoogle/log_attack/blob/m… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 2610G |
Affected:
3.0.0-171107
cpe:2.3:a:utt:hiper_2610g:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T15:35:50.422059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T15:35:53.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/HungryGoogle/log_attack/blob/main/index1/1.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_2610g:*:*:*:*:*:*:*:*"
],
"product": "HiPER 2610G",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.0.0-171107"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liwenqing (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in buffer overflow. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T13:00:17.152Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369136 | UTT HiPER 2610G formNatStaticMap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369136"
},
{
"name": "VDB-369136 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369136/cti"
},
{
"name": "CVE-2026-11516 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11516"
},
{
"name": "Submit #836275 | TUU HiPER 2610G \u003c=v3.0.0-171107 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836275"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/HungryGoogle/log_attack/tree/main/index1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T18:02:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 2610G formNatStaticMap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11516",
"datePublished": "2026-06-08T13:00:17.152Z",
"dateReserved": "2026-06-07T15:57:23.448Z",
"dateUpdated": "2026-06-08T15:35:53.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10293 (GCVE-0-2026-10293)
Vulnerability from nvd – Published: 2026-06-01 21:15 – Updated: 2026-06-02 13:11
VLAI
Title
UTT HiPER 1200GW formFireWall strcpy stack-based overflow
Summary
A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367586 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367586/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10293 | third-party-advisory |
| https://vuldb.com/submit/826416 | third-party-advisory |
| https://github.com/yuezhaoshanmu/cve/blob/main/2.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10293",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T13:11:03.486744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T13:11:20.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:*"
],
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Missa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:15:07.374Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367586 | UTT HiPER 1200GW formFireWall strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367586"
},
{
"name": "VDB-367586 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367586/cti"
},
{
"name": "CVE-2026-10293 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10293"
},
{
"name": "Submit #826416 | UTT HiPER 1250GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/826416"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/yuezhaoshanmu/cve/blob/main/2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T19:52:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW formFireWall strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10293",
"datePublished": "2026-06-01T21:15:07.374Z",
"dateReserved": "2026-05-31T17:47:49.156Z",
"dateUpdated": "2026-06-02T13:11:20.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10292 (GCVE-0-2026-10292)
Vulnerability from nvd – Published: 2026-06-01 21:00 – Updated: 2026-06-02 15:46
VLAI
Title
UTT HiPER 1200GW formTaskEdit strcpy stack-based overflow
Summary
A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367585 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367585/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10292 | third-party-advisory |
| https://vuldb.com/submit/826415 | third-party-advisory |
| https://github.com/yuezhaoshanmu/cve/blob/main/1.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10292",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T15:13:22.887163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T15:46:09.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:*"
],
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Missa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:00:13.399Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367585 | UTT HiPER 1200GW formTaskEdit strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367585"
},
{
"name": "VDB-367585 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367585/cti"
},
{
"name": "CVE-2026-10292 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10292"
},
{
"name": "Submit #826415 | UTT HiPER 1200GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/826415"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/yuezhaoshanmu/cve/blob/main/1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T19:52:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW formTaskEdit strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10292",
"datePublished": "2026-06-01T21:00:13.399Z",
"dateReserved": "2026-05-31T17:47:45.492Z",
"dateUpdated": "2026-06-02T15:46:09.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9632 (GCVE-0-2026-9632)
Vulnerability from nvd – Published: 2026-05-27 01:30 – Updated: 2026-05-28 14:19
VLAI
Title
UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow
Summary
A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365741 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365741/cti | signaturepermissions-required |
| https://vuldb.com/submit/818383 | third-party-advisory |
| https://github.com/luozhibo-sec/cve/blob/main/12.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9632",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T14:18:17.198956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:19:32.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "luozhibo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T01:30:11.707Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365741 | UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365741"
},
{
"name": "VDB-365741 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365741/cti"
},
{
"name": "Submit #818383 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818383"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/luozhibo-sec/cve/blob/main/12.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:54:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9632",
"datePublished": "2026-05-27T01:30:11.707Z",
"dateReserved": "2026-05-26T17:49:19.767Z",
"dateUpdated": "2026-05-28T14:19:32.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9631 (GCVE-0-2026-9631)
Vulnerability from nvd – Published: 2026-05-27 01:15 – Updated: 2026-05-27 12:31
VLAI
Title
UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow
Summary
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365740 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365740/cti | signaturepermissions-required |
| https://vuldb.com/submit/818375 | third-party-advisory |
| https://github.com/zhouguobing-maker/cve/blob/mai… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9631",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T12:31:06.835017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T12:31:13.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zhouguobing (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T01:15:09.839Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365740 | UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365740"
},
{
"name": "VDB-365740 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365740/cti"
},
{
"name": "Submit #818375 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818375"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/zhouguobing-maker/cve/blob/main/11.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:53:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9631",
"datePublished": "2026-05-27T01:15:09.839Z",
"dateReserved": "2026-05-26T17:48:33.182Z",
"dateUpdated": "2026-05-27T12:31:13.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9628 (GCVE-0-2026-9628)
Vulnerability from nvd – Published: 2026-05-27 01:00 – Updated: 2026-05-28 14:37
VLAI
Title
UTT HiPER 1200GW Web Management formPptpClientConfig stack-based overflow
Summary
A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365684 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365684/cti | signaturepermissions-required |
| https://vuldb.com/submit/818380 | third-party-advisory |
| https://github.com/luozhibo-sec/cve/blob/main/10.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9628",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:40:24.800526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:37:46.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "luozhibo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T01:00:13.208Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365684 | UTT HiPER 1200GW Web Management formPptpClientConfig stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365684"
},
{
"name": "VDB-365684 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365684/cti"
},
{
"name": "Submit #818380 | UTT HiPER 1200GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818380"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/luozhibo-sec/cve/blob/main/10.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:30:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW Web Management formPptpClientConfig stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9628",
"datePublished": "2026-05-27T01:00:13.208Z",
"dateReserved": "2026-05-26T17:25:32.089Z",
"dateUpdated": "2026-05-28T14:37:46.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9627 (GCVE-0-2026-9627)
Vulnerability from nvd – Published: 2026-05-27 00:45 – Updated: 2026-05-27 14:27
VLAI
Title
UTT HiPER 1200GW Web Management setSysAdm strcpy buffer overflow
Summary
A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365683 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365683/cti | signaturepermissions-required |
| https://vuldb.com/submit/818374 | third-party-advisory |
| https://github.com/zhouguobing-maker/cve/blob/main/9.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9627",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T14:27:44.793691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:27:55.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zhouguobing (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T00:45:12.157Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365683 | UTT HiPER 1200GW Web Management setSysAdm strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365683"
},
{
"name": "VDB-365683 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365683/cti"
},
{
"name": "Submit #818374 | UTT HiPER 1200GW v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818374"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/zhouguobing-maker/cve/blob/main/9.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:30:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW Web Management setSysAdm strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9627",
"datePublished": "2026-05-27T00:45:12.157Z",
"dateReserved": "2026-05-26T17:25:29.671Z",
"dateUpdated": "2026-05-27T14:27:55.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7513 (GCVE-0-2026-7513)
Vulnerability from nvd – Published: 2026-04-30 23:45 – Updated: 2026-05-04 16:55
VLAI
Title
UTT HiPER 1200GW formRemoteControl strcpy buffer overflow
Summary
A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360324 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360324/cti | signaturepermissions-required |
| https://vuldb.com/submit/803996 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7513",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T16:54:37.993904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T16:55:44.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T23:45:10.007Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360324 | UTT HiPER 1200GW formRemoteControl strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360324"
},
{
"name": "VDB-360324 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360324/cti"
},
{
"name": "Submit #803996 | UTT HiPER 1200GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803996"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/4/4.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-30T17:34:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW formRemoteControl strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7513",
"datePublished": "2026-04-30T23:45:10.007Z",
"dateReserved": "2026-04-30T15:29:13.616Z",
"dateUpdated": "2026-05-04T16:55:44.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7512 (GCVE-0-2026-7512)
Vulnerability from nvd – Published: 2026-04-30 23:30 – Updated: 2026-05-01 14:18
VLAI
Title
UTT HiPER 1200GW formUser strcpy buffer overflow
Summary
A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360323 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360323/cti | signaturepermissions-required |
| https://vuldb.com/submit/803995 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/tree/main/4035/3 | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-1703
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T14:18:29.221251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T14:18:41.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-1703"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T23:30:13.124Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360323 | UTT HiPER 1200GW formUser strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360323"
},
{
"name": "VDB-360323 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360323/cti"
},
{
"name": "Submit #803995 | UTT HiPER 1200GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803995"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/tree/main/4035/3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-30T17:34:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW formUser strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7512",
"datePublished": "2026-04-30T23:30:13.124Z",
"dateReserved": "2026-04-30T15:29:10.203Z",
"dateUpdated": "2026-05-01T14:18:41.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7420 (GCVE-0-2026-7420)
Vulnerability from nvd – Published: 2026-04-29 22:30 – Updated: 2026-04-30 13:48
VLAI
Title
UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow
Summary
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360157 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360157/cti | signaturepermissions-required |
| https://vuldb.com/submit/803997 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7420",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:47:14.002298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:48:41.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:30:12.855Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360157 | UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360157"
},
{
"name": "VDB-360157 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360157/cti"
},
{
"name": "Submit #803997 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803997"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/5/5.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7420",
"datePublished": "2026-04-29T22:30:12.855Z",
"dateReserved": "2026-04-29T14:14:39.456Z",
"dateUpdated": "2026-04-30T13:48:41.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7419 (GCVE-0-2026-7419)
Vulnerability from nvd – Published: 2026-04-29 22:15 – Updated: 2026-04-30 13:11
VLAI
Title
UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow
Summary
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360156 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360156/cti | signaturepermissions-required |
| https://vuldb.com/submit/803994 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7419",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:10:53.983295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:11:06.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:15:10.993Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360156 | UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360156"
},
{
"name": "VDB-360156 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360156/cti"
},
{
"name": "Submit #803994 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803994"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/2/2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7419",
"datePublished": "2026-04-29T22:15:10.993Z",
"dateReserved": "2026-04-29T14:14:36.356Z",
"dateUpdated": "2026-04-30T13:11:06.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7418 (GCVE-0-2026-7418)
Vulnerability from nvd – Published: 2026-04-29 22:00 – Updated: 2026-04-30 12:12
VLAI
Title
UTT HiPER 1250GW NTP strcpy buffer overflow
Summary
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360155 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360155/cti | signaturepermissions-required |
| https://vuldb.com/submit/803993 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7418",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T12:12:08.781314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T12:12:24.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:00:13.518Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360155 | UTT HiPER 1250GW NTP strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360155"
},
{
"name": "VDB-360155 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360155/cti"
},
{
"name": "Submit #803993 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803993"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/1/1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW NTP strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7418",
"datePublished": "2026-04-29T22:00:13.518Z",
"dateReserved": "2026-04-29T14:14:33.304Z",
"dateUpdated": "2026-04-30T12:12:24.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6186 (GCVE-0-2026-6186)
Vulnerability from nvd – Published: 2026-04-13 15:15 – Updated: 2026-04-14 19:37
VLAI
Title
UTT HiPER 1200GW formNatStaticMap strcpy buffer overflow
Summary
A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/357108 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/357108/cti | signaturepermissions-required |
| https://vuldb.com/submit/797304 | third-party-advisory |
| https://github.com/lin-3-start/lin-cve/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6186",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T19:33:49.505175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T19:37:43.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "QMSSDXN (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T15:15:11.716Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-357108 | UTT HiPER 1200GW formNatStaticMap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/357108"
},
{
"name": "VDB-357108 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/357108/cti"
},
{
"name": "Submit #797304 | UTT HiPER 1200GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/797304"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Amao/1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-13T10:38:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW formNatStaticMap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6186",
"datePublished": "2026-04-13T15:15:11.716Z",
"dateReserved": "2026-04-13T08:33:39.778Z",
"dateUpdated": "2026-04-14T19:37:43.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5566 (GCVE-0-2026-5566)
Vulnerability from nvd – Published: 2026-04-05 12:15 – Updated: 2026-04-06 15:27
VLAI
Title
UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow
Summary
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355336 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355336/cti | signaturepermissions-required |
| https://vuldb.com/submit/782993 | third-party-advisory |
| https://github.com/Moxxkidd/CVE/issues/1 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T15:27:38.802568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:27:48.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Doma (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T12:15:10.664Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355336 | UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355336"
},
{
"name": "VDB-355336 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355336/cti"
},
{
"name": "Submit #782993 | UTT\uff08AiTai\uff09 HiPER 1250GW \u003c= v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782993"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Moxxkidd/CVE/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T16:24:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5566",
"datePublished": "2026-04-05T12:15:10.664Z",
"dateReserved": "2026-04-04T14:19:03.601Z",
"dateUpdated": "2026-04-06T15:27:48.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11517 (GCVE-0-2026-11517)
Vulnerability from cvelistv5 – Published: 2026-06-08 13:15 – Updated: 2026-06-09 15:07
VLAI
Title
UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow
Summary
A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369137 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369137/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11517 | third-party-advisory |
| https://vuldb.com/submit/836278 | third-party-advisory |
| https://github.com/HungryGoogle/log_attack/tree/m… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 2610G |
Affected:
3.0.0-171107
cpe:2.3:a:utt:hiper_2610g:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11517",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:07:38.495027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:07:56.096Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/submit/836278"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_2610g:*:*:*:*:*:*:*:*"
],
"product": "HiPER 2610G",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.0.0-171107"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liwenqing (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T13:15:09.750Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369137 | UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369137"
},
{
"name": "VDB-369137 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369137/cti"
},
{
"name": "CVE-2026-11517 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11517"
},
{
"name": "Submit #836278 | UTT HiPER 2610G \u003c=v3.0.0-171107 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836278"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/HungryGoogle/log_attack/tree/main/index3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T18:02:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11517",
"datePublished": "2026-06-08T13:15:09.750Z",
"dateReserved": "2026-06-07T15:57:26.282Z",
"dateUpdated": "2026-06-09T15:07:56.096Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11516 (GCVE-0-2026-11516)
Vulnerability from cvelistv5 – Published: 2026-06-08 13:00 – Updated: 2026-06-08 15:35
VLAI
Title
UTT HiPER 2610G formNatStaticMap strcpy buffer overflow
Summary
A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in buffer overflow. The exploit has been made public and could be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369136 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369136/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11516 | third-party-advisory |
| https://vuldb.com/submit/836275 | third-party-advisory |
| https://github.com/HungryGoogle/log_attack/tree/m… | exploit |
| https://github.com/HungryGoogle/log_attack/blob/m… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 2610G |
Affected:
3.0.0-171107
cpe:2.3:a:utt:hiper_2610g:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T15:35:50.422059Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T15:35:53.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/HungryGoogle/log_attack/blob/main/index1/1.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_2610g:*:*:*:*:*:*:*:*"
],
"product": "HiPER 2610G",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.0.0-171107"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "liwenqing (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in buffer overflow. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T13:00:17.152Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369136 | UTT HiPER 2610G formNatStaticMap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369136"
},
{
"name": "VDB-369136 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369136/cti"
},
{
"name": "CVE-2026-11516 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11516"
},
{
"name": "Submit #836275 | TUU HiPER 2610G \u003c=v3.0.0-171107 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836275"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/HungryGoogle/log_attack/tree/main/index1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T18:02:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 2610G formNatStaticMap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11516",
"datePublished": "2026-06-08T13:00:17.152Z",
"dateReserved": "2026-06-07T15:57:23.448Z",
"dateUpdated": "2026-06-08T15:35:53.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10293 (GCVE-0-2026-10293)
Vulnerability from cvelistv5 – Published: 2026-06-01 21:15 – Updated: 2026-06-02 13:11
VLAI
Title
UTT HiPER 1200GW formFireWall strcpy stack-based overflow
Summary
A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367586 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367586/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10293 | third-party-advisory |
| https://vuldb.com/submit/826416 | third-party-advisory |
| https://github.com/yuezhaoshanmu/cve/blob/main/2.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10293",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T13:11:03.486744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T13:11:20.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:*"
],
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Missa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:15:07.374Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367586 | UTT HiPER 1200GW formFireWall strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367586"
},
{
"name": "VDB-367586 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367586/cti"
},
{
"name": "CVE-2026-10293 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10293"
},
{
"name": "Submit #826416 | UTT HiPER 1250GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/826416"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/yuezhaoshanmu/cve/blob/main/2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T19:52:56.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW formFireWall strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10293",
"datePublished": "2026-06-01T21:15:07.374Z",
"dateReserved": "2026-05-31T17:47:49.156Z",
"dateUpdated": "2026-06-02T13:11:20.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10292 (GCVE-0-2026-10292)
Vulnerability from cvelistv5 – Published: 2026-06-01 21:00 – Updated: 2026-06-02 15:46
VLAI
Title
UTT HiPER 1200GW formTaskEdit strcpy stack-based overflow
Summary
A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367585 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367585/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10292 | third-party-advisory |
| https://vuldb.com/submit/826415 | third-party-advisory |
| https://github.com/yuezhaoshanmu/cve/blob/main/1.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10292",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T15:13:22.887163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T15:46:09.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:*"
],
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Missa (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T21:00:13.399Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367585 | UTT HiPER 1200GW formTaskEdit strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367585"
},
{
"name": "VDB-367585 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367585/cti"
},
{
"name": "CVE-2026-10292 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10292"
},
{
"name": "Submit #826415 | UTT HiPER 1200GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/826415"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/yuezhaoshanmu/cve/blob/main/1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T19:52:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW formTaskEdit strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10292",
"datePublished": "2026-06-01T21:00:13.399Z",
"dateReserved": "2026-05-31T17:47:45.492Z",
"dateUpdated": "2026-06-02T15:46:09.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9632 (GCVE-0-2026-9632)
Vulnerability from cvelistv5 – Published: 2026-05-27 01:30 – Updated: 2026-05-28 14:19
VLAI
Title
UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow
Summary
A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365741 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365741/cti | signaturepermissions-required |
| https://vuldb.com/submit/818383 | third-party-advisory |
| https://github.com/luozhibo-sec/cve/blob/main/12.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9632",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T14:18:17.198956Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:19:32.877Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "luozhibo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T01:30:11.707Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365741 | UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365741"
},
{
"name": "VDB-365741 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365741/cti"
},
{
"name": "Submit #818383 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818383"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/luozhibo-sec/cve/blob/main/12.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:54:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW Web Management formGroupConfig strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9632",
"datePublished": "2026-05-27T01:30:11.707Z",
"dateReserved": "2026-05-26T17:49:19.767Z",
"dateUpdated": "2026-05-28T14:19:32.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9631 (GCVE-0-2026-9631)
Vulnerability from cvelistv5 – Published: 2026-05-27 01:15 – Updated: 2026-05-27 12:31
VLAI
Title
UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow
Summary
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365740 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365740/cti | signaturepermissions-required |
| https://vuldb.com/submit/818375 | third-party-advisory |
| https://github.com/zhouguobing-maker/cve/blob/mai… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9631",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T12:31:06.835017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T12:31:13.557Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1250gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zhouguobing (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T01:15:09.839Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365740 | UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365740"
},
{
"name": "VDB-365740 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365740/cti"
},
{
"name": "Submit #818375 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818375"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/zhouguobing-maker/cve/blob/main/11.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:53:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW Web Management formConfigFastDirectionW strcpy stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9631",
"datePublished": "2026-05-27T01:15:09.839Z",
"dateReserved": "2026-05-26T17:48:33.182Z",
"dateUpdated": "2026-05-27T12:31:13.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9628 (GCVE-0-2026-9628)
Vulnerability from cvelistv5 – Published: 2026-05-27 01:00 – Updated: 2026-05-28 14:37
VLAI
Title
UTT HiPER 1200GW Web Management formPptpClientConfig stack-based overflow
Summary
A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365684 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365684/cti | signaturepermissions-required |
| https://vuldb.com/submit/818380 | third-party-advisory |
| https://github.com/luozhibo-sec/cve/blob/main/10.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9628",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T13:40:24.800526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:37:46.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "luozhibo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T01:00:13.208Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365684 | UTT HiPER 1200GW Web Management formPptpClientConfig stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365684"
},
{
"name": "VDB-365684 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365684/cti"
},
{
"name": "Submit #818380 | UTT HiPER 1200GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818380"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/luozhibo-sec/cve/blob/main/10.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:30:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW Web Management formPptpClientConfig stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9628",
"datePublished": "2026-05-27T01:00:13.208Z",
"dateReserved": "2026-05-26T17:25:32.089Z",
"dateUpdated": "2026-05-28T14:37:46.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9627 (GCVE-0-2026-9627)
Vulnerability from cvelistv5 – Published: 2026-05-27 00:45 – Updated: 2026-05-27 14:27
VLAI
Title
UTT HiPER 1200GW Web Management setSysAdm strcpy buffer overflow
Summary
A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365683 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365683/cti | signaturepermissions-required |
| https://vuldb.com/submit/818374 | third-party-advisory |
| https://github.com/zhouguobing-maker/cve/blob/main/9.md | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9627",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-27T14:27:44.793691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T14:27:55.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:utt:hiper_1200gw:*:*:*:*:*:*:*:*"
],
"modules": [
"Web Management Interface"
],
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zhouguobing (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T00:45:12.157Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365683 | UTT HiPER 1200GW Web Management setSysAdm strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365683"
},
{
"name": "VDB-365683 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365683/cti"
},
{
"name": "Submit #818374 | UTT HiPER 1200GW v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/818374"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/zhouguobing-maker/cve/blob/main/9.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T19:30:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW Web Management setSysAdm strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9627",
"datePublished": "2026-05-27T00:45:12.157Z",
"dateReserved": "2026-05-26T17:25:29.671Z",
"dateUpdated": "2026-05-27T14:27:55.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7513 (GCVE-0-2026-7513)
Vulnerability from cvelistv5 – Published: 2026-04-30 23:45 – Updated: 2026-05-04 16:55
VLAI
Title
UTT HiPER 1200GW formRemoteControl strcpy buffer overflow
Summary
A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360324 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360324/cti | signaturepermissions-required |
| https://vuldb.com/submit/803996 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7513",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T16:54:37.993904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T16:55:44.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T23:45:10.007Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360324 | UTT HiPER 1200GW formRemoteControl strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360324"
},
{
"name": "VDB-360324 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360324/cti"
},
{
"name": "Submit #803996 | UTT HiPER 1200GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803996"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/4/4.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-30T17:34:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW formRemoteControl strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7513",
"datePublished": "2026-04-30T23:45:10.007Z",
"dateReserved": "2026-04-30T15:29:13.616Z",
"dateUpdated": "2026-05-04T16:55:44.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7512 (GCVE-0-2026-7512)
Vulnerability from cvelistv5 – Published: 2026-04-30 23:30 – Updated: 2026-05-01 14:18
VLAI
Title
UTT HiPER 1200GW formUser strcpy buffer overflow
Summary
A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360323 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360323/cti | signaturepermissions-required |
| https://vuldb.com/submit/803995 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/tree/main/4035/3 | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-1703
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7512",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-01T14:18:29.221251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-01T14:18:41.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-1703"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T23:30:13.124Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360323 | UTT HiPER 1200GW formUser strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360323"
},
{
"name": "VDB-360323 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360323/cti"
},
{
"name": "Submit #803995 | UTT HiPER 1200GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803995"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/tree/main/4035/3"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-30T17:34:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW formUser strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7512",
"datePublished": "2026-04-30T23:30:13.124Z",
"dateReserved": "2026-04-30T15:29:10.203Z",
"dateUpdated": "2026-05-01T14:18:41.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7420 (GCVE-0-2026-7420)
Vulnerability from cvelistv5 – Published: 2026-04-29 22:30 – Updated: 2026-04-30 13:48
VLAI
Title
UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow
Summary
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360157 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360157/cti | signaturepermissions-required |
| https://vuldb.com/submit/803997 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7420",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:47:14.002298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:48:41.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:30:12.855Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360157 | UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360157"
},
{
"name": "VDB-360157 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360157/cti"
},
{
"name": "Submit #803997 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803997"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/5/5.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7420",
"datePublished": "2026-04-29T22:30:12.855Z",
"dateReserved": "2026-04-29T14:14:39.456Z",
"dateUpdated": "2026-04-30T13:48:41.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7419 (GCVE-0-2026-7419)
Vulnerability from cvelistv5 – Published: 2026-04-29 22:15 – Updated: 2026-04-30 13:11
VLAI
Title
UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow
Summary
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360156 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360156/cti | signaturepermissions-required |
| https://vuldb.com/submit/803994 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7419",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T13:10:53.983295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T13:11:06.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:15:10.993Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360156 | UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360156"
},
{
"name": "VDB-360156 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360156/cti"
},
{
"name": "Submit #803994 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803994"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/2/2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7419",
"datePublished": "2026-04-29T22:15:10.993Z",
"dateReserved": "2026-04-29T14:14:36.356Z",
"dateUpdated": "2026-04-30T13:11:06.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7418 (GCVE-0-2026-7418)
Vulnerability from cvelistv5 – Published: 2026-04-29 22:00 – Updated: 2026-04-30 12:12
VLAI
Title
UTT HiPER 1250GW NTP strcpy buffer overflow
Summary
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360155 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360155/cti | signaturepermissions-required |
| https://vuldb.com/submit/803993 | third-party-advisory |
| https://github.com/kirlic123/IOTvulner/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7418",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-30T12:12:08.781314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-30T12:12:24.078Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "maple_s (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T22:00:13.518Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360155 | UTT HiPER 1250GW NTP strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360155"
},
{
"name": "VDB-360155 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360155/cti"
},
{
"name": "Submit #803993 | UTT HiPER 1250GW \u003c=v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/803993"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/kirlic123/IOTvulner/blob/main/4035/1/1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-29T16:19:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW NTP strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7418",
"datePublished": "2026-04-29T22:00:13.518Z",
"dateReserved": "2026-04-29T14:14:33.304Z",
"dateUpdated": "2026-04-30T12:12:24.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6186 (GCVE-0-2026-6186)
Vulnerability from cvelistv5 – Published: 2026-04-13 15:15 – Updated: 2026-04-14 19:37
VLAI
Title
UTT HiPER 1200GW formNatStaticMap strcpy buffer overflow
Summary
A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/357108 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/357108/cti | signaturepermissions-required |
| https://vuldb.com/submit/797304 | third-party-advisory |
| https://github.com/lin-3-start/lin-cve/blob/main/… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1200GW |
Affected:
2.5.3-170306
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6186",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-14T19:33:49.505175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-14T19:37:43.525Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1200GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "2.5.3-170306"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "QMSSDXN (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in UTT HiPER 1200GW up to 2.5.3-170306. This vulnerability affects the function strcpy of the file /goform/formNatStaticMap. The manipulation of the argument NatBind leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-13T15:15:11.716Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-357108 | UTT HiPER 1200GW formNatStaticMap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/357108"
},
{
"name": "VDB-357108 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/357108/cti"
},
{
"name": "Submit #797304 | UTT HiPER 1200GW \u003c=v2.5.3-170306 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/797304"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/lin-3-start/lin-cve/blob/main/Amao/1.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-13T10:38:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1200GW formNatStaticMap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-6186",
"datePublished": "2026-04-13T15:15:11.716Z",
"dateReserved": "2026-04-13T08:33:39.778Z",
"dateUpdated": "2026-04-14T19:37:43.525Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5566 (GCVE-0-2026-5566)
Vulnerability from cvelistv5 – Published: 2026-04-05 12:15 – Updated: 2026-04-06 15:27
VLAI
Title
UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow
Summary
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355336 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355336/cti | signaturepermissions-required |
| https://vuldb.com/submit/782993 | third-party-advisory |
| https://github.com/Moxxkidd/CVE/issues/1 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| UTT | HiPER 1250GW |
Affected:
3.2.7-210907-180535
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5566",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T15:27:38.802568Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:27:48.716Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "HiPER 1250GW",
"vendor": "UTT",
"versions": [
{
"status": "affected",
"version": "3.2.7-210907-180535"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Doma (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T12:15:10.664Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355336 | UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355336"
},
{
"name": "VDB-355336 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355336/cti"
},
{
"name": "Submit #782993 | UTT\uff08AiTai\uff09 HiPER 1250GW \u003c= v3.2.7-210907-180535 Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782993"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Moxxkidd/CVE/issues/1"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T16:24:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "UTT HiPER 1250GW formNatStaticMap strcpy buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5566",
"datePublished": "2026-04-05T12:15:10.664Z",
"dateReserved": "2026-04-04T14:19:03.601Z",
"dateUpdated": "2026-04-06T15:27:48.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}