CVE-2026-4488
Remote Buffer Overflow in UTT HiPER 1250GW strcpy Function
Publication date: 2026-03-20
Last updated on: 2026-03-20
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | hiper_1250gw | to 3.2.7-210907-180535 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'This vulnerability exists in the UTT HiPER 1250GW router firmware versions up to 3.2.7-210907-180535. It is caused by improper handling of the "GroupName" parameter in the API endpoint /goform/setSysAdm. Specifically, the unsafe use of the strcpy function copies attacker-controlled input into a fixed-size buffer without checking its length, leading to a stack-based buffer overflow.'}, {'type': 'paragraph', 'content': 'An attacker can exploit this remotely by sending a specially crafted POST request with an excessively large payload in the "passwd1" parameter, causing the router to overflow its stack buffer.'}, {'type': 'paragraph', 'content': 'This overflow can crash the router, resulting in a denial of service condition.'}] [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability allows a remote attacker to cause a denial of service (DoS) on the affected router by crashing its system through a buffer overflow.
This can disrupt network connectivity and availability, potentially impacting all devices relying on the router for network access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious POST requests to the API endpoint `/goform/setSysAdm` that contain an excessively large payload in the "passwd1" parameter.'}, {'type': 'paragraph', 'content': 'A practical detection method is to capture and analyze network traffic for such requests, especially those with unusually long strings in the "passwd1" field.'}, {'type': 'paragraph', 'content': 'For example, using a tool like tcpdump or Wireshark, you can filter HTTP POST requests to `/goform/setSysAdm` and inspect the payload size.'}, {'type': 'list_item', 'content': "tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'"}, {'type': 'list_item', 'content': 'Use Wireshark to filter HTTP POST requests with the filter: http.request.method == "POST" and http.request.uri contains "/goform/setSysAdm"'}, {'type': 'paragraph', 'content': 'Inspect the POST data for the "passwd1" parameter containing abnormally long strings, which may indicate an attempt to exploit the buffer overflow.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable API endpoint `/goform/setSysAdm` to trusted users only.
Implement network-level controls such as firewall rules to block unauthorized remote access to the device.
Avoid using the affected firmware versions up to 3.2.7-210907-180535 and upgrade to a patched version if available.
Monitor the device for signs of exploitation such as unexpected crashes or denial of service conditions.