CVE-2026-4487
Remote Buffer Overflow in UTT HiPER 1200GW strcpy Function
Publication date: 2026-03-20
Last updated on: 2026-03-20
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | hiper_1200gw | to 2.5.3-170306 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4487 is a critical buffer overflow vulnerability in the UTT HiPER 1200GW router firmware up to version 2.5.3-170306. It occurs in the handling of HTTP POST requests to the endpoint /goform/websHostFilter, where user input from the parameter addHostFilter is copied into a buffer using the unsafe strcpy function without checking the input length.
Because there is no boundary check on the input size, an attacker can overflow the buffer by sending a large payload, potentially causing the router to crash or allowing arbitrary code execution.
The attack requires authentication via Digest authentication with valid credentials, and a proof-of-concept exists demonstrating how to exploit this vulnerability.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to remotely exploit the router, potentially causing denial of service (DoS) by crashing the device or executing arbitrary code.
Such exploitation could disrupt network connectivity, compromise the security of your network, and allow further attacks or unauthorized access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint /goform/websHostFilter on the UTT HiPER 1200GW router. The request should include a large payload in the addHostFilter parameter to test for buffer overflow behavior.'}, {'type': 'paragraph', 'content': 'The attack requires Digest authentication with valid credentials, so detection commands should include authentication headers.'}, {'type': 'paragraph', 'content': 'An example command using curl to test the vulnerability might be:'}, {'type': 'list_item', 'content': 'curl -X POST -u username:password --digest -d "addHostFilter=$(python3 -c \'print("A"*1000)\')" http://[router_ip]/goform/websHostFilter'}, {'type': 'paragraph', 'content': 'If the router crashes, behaves unexpectedly, or returns an error related to buffer overflow, it indicates the presence of the vulnerability.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint /goform/websHostFilter by limiting network access to trusted users only.
Ensure that strong authentication credentials are used to prevent unauthorized access, as the exploit requires valid Digest authentication.
Monitor the router for unusual behavior or crashes that may indicate exploitation attempts.
If possible, update the router firmware to a version later than v2.5.3-170306 where the vulnerability is fixed.
If no patch is available, consider isolating the device from untrusted networks until a fix is applied.