CVE-2026-3815
Remote Buffer Overflow in UTT HiPER 810G strcpy Function
Publication date: 2026-03-09
Last updated on: 2026-03-10
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 810g_firmware | to 1.7.7-171114 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3815 is a critical buffer overflow vulnerability in the UTT HiPER 810G device, specifically in the use of the strcpy function within the /goform/formApMail endpoint.
The vulnerability occurs because the code copies input data to a buffer without verifying that the input size fits within the buffer, leading to a classic buffer overflow condition.
An attacker can exploit this remotely by sending a specially crafted HTTP request with a large payload in the senderEmail parameter, causing the strcpy function to overflow the buffer and potentially overwrite memory.
This unsafe string handling can lead to denial of service or arbitrary code execution.
How can this vulnerability impact me?
This vulnerability can be exploited remotely without requiring physical or local access.
An attacker can cause a buffer overflow that may lead to denial of service (DoS), compromising the availability of the affected device.
More severely, the attacker could execute arbitrary code, potentially compromising the confidentiality, integrity, and availability of the system.
Since a proof-of-concept exploit is publicly available, the risk of exploitation is high.
No known mitigations or countermeasures have been documented, so replacing the affected product is recommended to avoid risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted HTTP POST requests to the vulnerable endpoint `/goform/formApMail` on the UTT HiPER 810G device. Specifically, the exploit targets the `senderEmail` parameter with a very large string payload to trigger the buffer overflow.
A detection method involves monitoring network traffic for unusual or large POST requests to `/goform/formApMail` or attempting to reproduce the exploit in a controlled environment by sending a POST request with a large payload in the `senderEmail` field.
Example command using curl to test the vulnerability (replace <target_ip> and <auth> accordingly):
- `curl -X POST http://<target_ip>/goform/formApMail -H "Authorization: Digest <auth>" -H "Content-Type: application/x-www-form-urlencoded" -d "senderEmail=$(python3 -c 'print("a"*1000)')"`
Monitoring tools or intrusion detection systems can be configured to alert on such large or malformed POST requests to this endpoint. [3]
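A passive form of the traffic-monitoring check described above, as an added example that is not part of the original page: it flags POST requests to `/goform/formApMail` whose percent-decoded `senderEmail` value exceeds a length limit. The function names, the record layout, the 254-character threshold and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/formApMail"  # endpoint named on this page
PARAM = "senderEmail"            # parameter named on this page
MAX_LEN = 254                    # assumption: upper bound for a plausible email address


def oversized_fields(method, target, body, max_len=MAX_LEN):
    """Return the decoded lengths of senderEmail values longer than max_len."""
    if method.upper() != "POST":
        return []
    # Compare only the path, so a query string or trailing slash does not hide the request.
    if urlsplit(target).path.rstrip("/") != ENDPOINT:
        return []
    # Measure the value after percent-decoding, and check every occurrence
    # in case the parameter is repeated in the form body.
    pairs = parse_qsl(body, keep_blank_values=True, errors="replace")
    return [len(value) for key, value in pairs if key == PARAM and len(value) > max_len]


# Constructed sample records (not captured traffic): source, method, target, body
SAMPLE = [
    ("192.0.2.10", "POST", "/goform/formApMail", "senderEmail=admin%40example.com&x=1"),
    ("192.0.2.66", "POST", "/goform/formApMail?r=1", "senderEmail=" + "a" * 1000),
    ("192.0.2.66", "POST", "/goform/formOther", "senderEmail=" + "a" * 1000),
    ("192.0.2.77", "POST", "/goform/formApMail", "senderEmail=" + "%41" * 300),
    ("192.0.2.10", "GET", "/goform/formApMail", ""),
]


def scan(records):
    """Return one alert per oversized senderEmail value seen in the records."""
    alerts = []
    for src, method, target, body in records:
        for length in oversized_fields(method, target, body):
            alerts.append({"src": src, "target": target, "param": PARAM, "length": length})
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```
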
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint `/goform/formApMail` by implementing network-level controls such as firewall rules to block unauthorized or external access to the device.
Since no known software mitigations or patches are documented, it is recommended to replace the affected UTT HiPER 810G device or upgrade its firmware if a fixed version becomes available.
Additionally, monitoring for exploit attempts and disabling or limiting remote management interfaces can reduce exposure.