CVE-2026-3700
Buffer Overflow in UTT HiPER 810G strcpy Enables Remote Exploit
Publication date: 2026-03-08
Last updated on: 2026-03-10
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 810g_firmware | to 1.7.7-171114 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3700 is a critical buffer overflow vulnerability in the UTT HiPER 810G router firmware up to version 1.7.7-171114. The flaw occurs in the strcpy function within the /goform/formConfigDnsFilterGlobal endpoint, where data is copied into a buffer without proper bounds checking. This unsafe copying can overflow the buffer, allowing an attacker to manipulate the system remotely.
How can this vulnerability impact me? :
This vulnerability can be exploited remotely to cause a buffer overflow, potentially leading to denial of service (DoS) or other exploit scenarios. It impacts the confidentiality, integrity, and availability of the affected system, allowing attackers to compromise the router without requiring physical or local access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring HTTP requests to the endpoint /goform/formConfigDnsFilterGlobal on UTT HiPER 810G devices running firmware up to version 1.7.7-171114.'}, {'type': 'paragraph', 'content': 'Detection can involve checking for unusual or malformed HTTP requests targeting this endpoint that attempt to exploit the buffer overflow via the strcpy function.'}, {'type': 'paragraph', 'content': 'Since the exploit is triggered by a specific HTTP request, network monitoring tools or intrusion detection systems (IDS) can be configured to alert on requests to /goform/formConfigDnsFilterGlobal with suspicious payloads.'}, {'type': 'list_item', 'content': "Use network packet capture tools like tcpdump or Wireshark to filter HTTP traffic to the vulnerable endpoint, e.g., tcpdump -i <interface> 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' and inspect requests to /goform/formConfigDnsFilterGlobal."}, {'type': 'list_item', 'content': 'Use curl or wget commands to test the endpoint manually by sending crafted HTTP POST requests to /goform/formConfigDnsFilterGlobal and observe the device behavior.'}, {'type': 'list_item', 'content': 'Deploy IDS/IPS signatures that detect attempts to exploit strcpy buffer overflow patterns targeting this endpoint.'}] [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint /goform/formConfigDnsFilterGlobal by implementing network-level controls such as firewall rules to block unauthorized or external HTTP requests to the device.
Since no known countermeasures or patches are documented, it is recommended to replace the affected UTT HiPER 810G device with a secure alternative or upgrade the firmware if a fixed version becomes available.
Additionally, monitor the device for signs of exploitation and consider isolating it from untrusted networks to reduce exposure.