CVE-2026-4488
Received Received - Intake
Remote Buffer Overflow in UTT HiPER 1250GW strcpy Function

Publication date: 2026-03-20

Last updated on: 2026-03-20

Assigner: VulDB

Description
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-20
Last Modified
2026-03-20
Generated
2026-06-16
AI Q&A
2026-03-20
EPSS Evaluated
2026-06-14
NVD
CVE-2026-4488
EUVD
EUVD-2026-13727
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
utt hiper_1250gw to 3.2.7-210907-180535 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'This vulnerability exists in the UTT HiPER 1250GW router firmware versions up to 3.2.7-210907-180535. It is caused by improper handling of the "GroupName" parameter in the API endpoint /goform/setSysAdm. Specifically, the unsafe use of the strcpy function copies attacker-controlled input into a fixed-size buffer without checking its length, leading to a stack-based buffer overflow.'}, {'type': 'paragraph', 'content': 'An attacker can exploit this remotely by sending a specially crafted POST request with an excessively large payload in the "passwd1" parameter, causing the router to overflow its stack buffer.'}, {'type': 'paragraph', 'content': 'This overflow can crash the router, resulting in a denial of service condition.'}] [1]

Impact Analysis

Exploitation of this vulnerability allows a remote attacker to cause a denial of service (DoS) on the affected router by crashing its system through a buffer overflow.

This can disrupt network connectivity and availability, potentially impacting all devices relying on the router for network access.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious POST requests to the API endpoint `/goform/setSysAdm` that contain an excessively large payload in the "passwd1" parameter.'}, {'type': 'paragraph', 'content': 'A practical detection method is to capture and analyze network traffic for such requests, especially those with unusually long strings in the "passwd1" field.'}, {'type': 'paragraph', 'content': 'For example, using a tool like tcpdump or Wireshark, you can filter HTTP POST requests to `/goform/setSysAdm` and inspect the payload size.'}, {'type': 'list_item', 'content': "tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'"}, {'type': 'list_item', 'content': 'Use Wireshark to filter HTTP POST requests with the filter: http.request.method == "POST" and http.request.uri contains "/goform/setSysAdm"'}, {'type': 'paragraph', 'content': 'Inspect the POST data for the "passwd1" parameter containing abnormally long strings, which may indicate an attempt to exploit the buffer overflow.'}] [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable API endpoint `/goform/setSysAdm` to trusted users only.

Implement network-level controls such as firewall rules to block unauthorized remote access to the device.

Avoid using the affected firmware versions up to 3.2.7-210907-180535 and upgrade to a patched version if available.

Monitor the device for signs of exploitation such as unexpected crashes or denial of service conditions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4488. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart