CVE-2026-31061
Buffer Overflow in UTT Aggressive HiPER 810G Causes DoS
Publication date: 2026-04-06
Last updated on: 2026-04-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 810g_firmware | to 1.7.7-171114 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for HTTP POST requests sent to the `/goform/ConfigAdvideo` endpoint on UTT HiPER 810G routers running vulnerable firmware versions. Specifically, detection involves identifying requests with an excessively long or malformed `Action` parameter in the POST data, which triggers the buffer overflow.
A practical detection method is to use network monitoring tools or intrusion detection systems (IDS) to look for suspicious POST requests targeting `/goform/ConfigAdvideo` with unusually large payloads or strings of repeated characters in the `Action` field.
Example command using curl to test the vulnerability (for detection purposes only):
- curl -X POST http://[router_ip]/goform/ConfigAdvideo -d "Action=$(python -c 'print("a"*1000)')" -H "Content-Type: application/x-www-form-urlencoded"
Network administrators can also use packet capture tools like tcpdump or Wireshark to filter and analyze HTTP POST requests to this endpoint for suspicious payloads.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable `/goform/ConfigAdvideo` endpoint by limiting administrative access to trusted networks or IP addresses only.
If possible, disable or block HTTP POST requests to the `/goform/ConfigAdvideo` endpoint until a firmware update or patch is applied.
Monitor router logs and network traffic for any suspicious activity targeting this endpoint.
Contact the vendor or check for firmware updates that address this buffer overflow vulnerability and apply them as soon as they become available.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of the CVE-2026-31061 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-31061 is a buffer overflow vulnerability found in the UTT HiPER 810G router firmware versions up to v3v1.7.7-171114. It occurs in the ConfigAdvideo function accessed via the HTTP API endpoint `/goform/ConfigAdvideo`. The vulnerability is caused by unsafe use of the strcpy function, which copies input data into a buffer without checking its size, leading to overflow.
Specifically, when the "action" parameter is missing in a crafted HTTP POST request, the code executes an unchecked string copy operation that can overflow the buffer. This flaw allows attackers to send specially crafted requests that trigger the overflow.
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to a Denial of Service (DoS) condition on the affected router by crashing or destabilizing the device.
Additionally, because it is a buffer overflow, there is potential for attackers to execute arbitrary code remotely, which could lead to further compromise of the device and network.