CVE-2026-2904
Received Received - Intake
Remote Buffer Overflow in UTT HiPER 810G strcpy Function

Publication date: 2026-02-22

Last updated on: 2026-02-24

Assigner: VulDB

Description
A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-22
Last Modified
2026-02-24
Generated
2026-06-16
AI Q&A
2026-02-22
EPSS Evaluated
2026-06-15
NVD
CVE-2026-2904
EUVD
EUVD-2026-7704
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
utt 810g_firmware to 1.7.7-171114 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2904 is a critical buffer overflow vulnerability in the UTT HiPER 810G router, specifically version 1.7.7-171114. It occurs in the handling of the HTTP request to the endpoint /goform/ConfigExceptAli, where the unsafe use of the strcpy function copies input data without checking its size. This improper copying allows an attacker to overwrite memory, leading to a buffer overflow.

The vulnerability can be triggered remotely by sending a specially crafted POST request with certain parameters, such as an excessively long string in the indexIDNew parameter or missing the Action parameter, causing the code to enter a vulnerable branch. This flaw is classified under CWE-120 and CWE-119.

Impact Analysis

Exploitation of this vulnerability can lead to denial of service (DoS) conditions by crashing the affected router. Additionally, it may allow attackers to compromise the confidentiality, integrity, and availability of the system.

Because the vulnerability allows remote exploitation with low privileges and no user interaction, attackers can potentially execute malicious code or disrupt network operations, making it a significant security risk.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious HTTP POST requests targeting the endpoint /goform/ConfigExceptAli on UTT HiPER 810G routers, especially those containing unusually long strings in parameters such as indexIDNew.'}, {'type': 'paragraph', 'content': 'A practical detection method involves capturing network traffic and searching for POST requests to /goform/ConfigExceptAli with potentially malicious payloads that could trigger the buffer overflow.'}, {'type': 'list_item', 'content': 'Use network packet capture tools like tcpdump or Wireshark to filter HTTP POST requests to /goform/ConfigExceptAli.'}, {'type': 'list_item', 'content': "Example tcpdump command: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/ConfigExceptAli'"}, {'type': 'list_item', 'content': 'Use curl or similar tools to test the endpoint with crafted inputs to verify if the system is vulnerable.'}] [2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable endpoint /goform/ConfigExceptAli by implementing network-level controls such as firewall rules to block unauthorized or external access.

Since no known countermeasures or patches are currently available, it is recommended to replace the affected UTT HiPER 810G device with a secure alternative.

Additionally, monitor the device for unusual behavior or crashes that may indicate exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2904. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart