CVE-2026-2981
Remote Buffer Overflow in UTT HiPER 810G strcpy Function
Publication date: 2026-02-23
Last updated on: 2026-02-24
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 810g_firmware | to 1.7.7-171114 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can have severe impacts including compromising the confidentiality, integrity, and availability of the affected system.
An attacker can remotely exploit the buffer overflow to cause denial of service (DoS) or potentially execute arbitrary code on the device.
Since the exploit requires no physical or local access and is publicly available, the risk of exploitation is high.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2026-2981 is a critical buffer overflow vulnerability found in the UTT HiPER 810G device firmware up to version 1.7.7-1711. The flaw exists in the strcpy function within the file /goform/formTaskEdit_ap, specifically when handling the argument txtMin2.
The strcpy function copies input data without validating that the input size fits within the destination buffer, leading to a classic buffer overflow (CWE-120). This overflow can be triggered remotely by sending a specially crafted request to the vulnerable endpoint.
Because of this, an attacker can exploit the vulnerability to compromise the affected system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for specially crafted requests sent to the endpoint /goform/formTaskEdit_ap on UTT HiPER 810G devices running vulnerable firmware versions. Since the exploit involves sending a malicious argument txtMin2 that triggers a buffer overflow via the strcpy function, network intrusion detection systems (NIDS) or web application firewalls (WAF) could be configured to detect unusual or malformed HTTP requests targeting this endpoint.'}, {'type': 'paragraph', 'content': 'Specific commands to detect exploitation attempts are not provided in the available resources. However, network administrators can use packet capture tools like tcpdump or Wireshark to filter HTTP requests to /goform/formTaskEdit_ap and inspect the parameters for suspiciously large or malformed txtMin2 values.'}, {'type': 'list_item', 'content': "Example tcpdump command to capture traffic to the vulnerable endpoint: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/formTaskEdit_ap'"}, {'type': 'list_item', 'content': 'Use curl or similar tools to test the endpoint manually by sending crafted requests with large txtMin2 parameters to observe if the device behaves unexpectedly.'}] [2, 3]
What immediate steps should I take to mitigate this vulnerability?
There are no known mitigations or countermeasures identified for this vulnerability according to the available information.
The recommended immediate step is to replace the affected product or component with a non-vulnerable version or device.
Additionally, restricting remote access to the vulnerable endpoint and monitoring for exploitation attempts can help reduce risk until a patch or update is available.