CVE-2026-4862
Remote Buffer Overflow in UTT HiPER 1250GW Parameter Handler
Publication date: 2026-03-26
Last updated on: 2026-03-26
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | hiper_1250gw | to 3.2.7-210907-180535 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-4862 is a critical buffer overflow vulnerability found in the UTT HiPER 1250GW router firmware versions up to 3.2.7-210907-180535. It occurs due to improper handling of the "GroupName" parameter in an HTTP POST request to the endpoint /goform/formConfigDnsFilterGlobal. Specifically, the strcpy function is used without validating the length of the input, allowing an attacker to send an excessively long "GroupName" value that overflows the buffer.
This vulnerability can be exploited remotely by sending a specially crafted POST request, which can cause the device to crash or become unavailable, resulting in a denial of service (DoS).
How can this vulnerability impact me?
The primary impact of this vulnerability is that an attacker can remotely cause a denial of service (DoS) on the affected UTT HiPER 1250GW router by exploiting the buffer overflow. This can lead to the router crashing or becoming unresponsive, disrupting network connectivity and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP POST requests to the endpoint /goform/formConfigDnsFilterGlobal that contain an unusually long or crafted "GroupName" parameter.
A practical detection method is to capture and analyze network traffic targeting the UTT HiPER 1250GW router, looking specifically for POST requests with large payloads or repeated characters in the "GroupName" field.
For example, using tcpdump or Wireshark to filter HTTP POST requests to the vulnerable endpoint can help identify potential exploit attempts.
- tcpdump -A -s 0 'tcp port 80 and (((ip dst <router_ip>) and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)))'
- Use a tool like curl or a custom script to send a test POST request with a long "GroupName" parameter to check if the device responds abnormally or crashes.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint /goform/formConfigDnsFilterGlobal by implementing network-level controls such as firewall rules to block unauthorized or external access.
Additionally, monitor and filter incoming HTTP POST requests to detect and block those with suspiciously long or malformed "GroupName" parameters.
If possible, update the router firmware to a version that patches this vulnerability or contact the vendor for an official fix.
As a temporary workaround, disable remote management features or restrict management access to trusted IP addresses only.
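The detection and filtering advice above (flag POST requests to /goform/formConfigDnsFilterGlobal whose "GroupName" is unusually long or made of repeated characters) can be applied to captured requests as follows. This is an added example, not vendor or advisory code; the two thresholds, the sample requests, the `enable` field and the `/goform/hypotheticalOther` path are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ENDPOINT = "/goform/formConfigDnsFilterGlobal"  # endpoint named in the advisory
MAX_GROUPNAME_LEN = 32  # assumption: set to the longest legitimate group name
MAX_REPEAT_RUN = 16     # assumption: run of one repeated character treated as filler

def inspect_request(raw: bytes) -> list[str]:
    """Return the reasons a captured HTTP request looks suspicious ([] = clean)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.decode("latin-1").split("\r\n")[0].split(" ")
    if len(parts) < 2 or parts[0].upper() != "POST":
        return []
    if urlsplit(parts[1]).path.rstrip("/") != ENDPOINT:
        return []
    findings = []
    # latin-1 maps one byte to one character, so len() is the decoded byte
    # count that a C string copy would see. parse_qsl percent-decodes each
    # value and yields every occurrence when the parameter is repeated.
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True, encoding="latin-1")
    for name, value in fields:
        if name != "GroupName":
            continue
        if len(value) > MAX_GROUPNAME_LEN:
            findings.append(f"GroupName length {len(value)} > {MAX_GROUPNAME_LEN}")
        if re.search(r"(.)\1{%d,}" % (MAX_REPEAT_RUN - 1), value, re.S):
            findings.append("GroupName contains a long repeated-character run")
    return findings

def sample_post(body: str, path: str = ENDPOINT) -> bytes:
    """Build a constructed sample request (not a real capture)."""
    return (f"POST {path} HTTP/1.1\r\nHost: 192.0.2.1\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

SAMPLES = {  # constructed inputs
    "normal": sample_post("GroupName=kids&enable=1"),
    "long": sample_post("GroupName=" + "A" * 200),
    "encoded": sample_post("GroupName=" + "%41%42" * 40),
    "other_endpoint": sample_post("GroupName=" + "A" * 200, "/goform/hypotheticalOther"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inspect_request(raw))
```

The same check works as a log-review pass over reassembled HTTP streams or as the rule body in a reverse proxy placed in front of the management interface.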