CVE-2026-1162
Buffer Overflow in UTT HiPER 810 /goform/setSysAdm Allows Remote Exploit
Publication date: 2026-01-19
Last updated on: 2026-02-06
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | hiper | 1.7.4-141218 |
| utt | 810_firmware | 1.7.4-141218 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability impacts the confidentiality, integrity, and availability of the affected system, which are core principles in standards like GDPR and HIPAA. Because it allows remote exploitation potentially leading to unauthorized access or denial of service, it could cause non-compliance with these regulations by exposing sensitive data or disrupting critical services. However, no specific compliance impact or regulatory assessment is detailed in the provided resources. [3]
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the UTT HiPER 810 device firmware version 1.7.4-141218. It occurs in the strcpy function within the /goform/setSysAdm interface when handling the passwd1 parameter. The function copies the password input without checking its length, so submitting an excessively long password causes a buffer overflow. This can lead to authentication failures, infinite login prompts, and makes the backend unusable. The vulnerability can be exploited remotely and may allow denial of service or remote code execution. [1, 3]
How can this vulnerability impact me? :
The vulnerability can cause a remote denial of service by triggering an authentication failure loop and infinite login prompts, rendering the device backend unusable. It may also allow remote code execution, potentially leading to full system compromise. Recovery requires a physical factory reset as the device cannot self-recover after reboot. This means attackers can disrupt service or take control of the affected device remotely without authentication. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for abnormal authentication failure loops or infinite login prompts on the UTT HiPER 810 device, specifically related to the /goform/setSysAdm interface. Since the exploit involves submitting an excessively long passwd1 parameter causing a buffer overflow, detection can include checking for unusual HTTP POST requests to /goform/setSysAdm with unusually long passwd1 parameters. Network monitoring tools or web application firewalls can be configured to alert on such patterns. Specific commands are not provided in the resources, but inspecting HTTP logs for POST requests to /goform/setSysAdm with large passwd1 values is recommended. [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of the vulnerable UTT HiPER 810 firmware version 1.7.4-141218. Since no patches or fixes are currently available, it is recommended to replace the affected product with an alternative device. Additionally, monitoring and blocking suspicious requests targeting /goform/setSysAdm with long passwd1 parameters can help reduce risk. In case the device becomes unusable due to exploitation, a physical factory reset is required as the device cannot self-recover after reboot. [1, 3]