CVE-2026-31063
Buffer Overflow in UTT Aggressive HiPER 1200GW Causes DoS
Publication date: 2026-04-06
Last updated on: 2026-04-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 1200gw_firmware | to 2.5.3-170306 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of the CVE-2026-31063 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-31063 is a buffer overflow vulnerability found in the UTT HiPER 1200GW router, specifically in firmware versions up to v2.5.3-170306. It occurs in the router's web interface endpoint `/goform/formArpBindConfig` within the function `webConfigArpBindConfig`. The vulnerability is caused by unsafe use of the `strcpy` function to copy data into a buffer without checking the size, which leads to a buffer overflow when a crafted input is sent in the `pools` parameter.
This buffer overflow can be triggered remotely by sending a specially crafted HTTP POST request to the vulnerable endpoint, potentially allowing an attacker to cause a denial of service or execute other malicious actions.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to cause a denial of service (DoS) on your UTT HiPER 1200GW router. The attacker can send a crafted request to the router's web interface, triggering a buffer overflow that may crash the device or disrupt its normal operation.
Additionally, because the vulnerability arises from a buffer overflow, there is a potential risk of remote code execution or other malicious effects, which could compromise the security and stability of your network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a crafted HTTP POST request to the router's web interface endpoint `/goform/formArpBindConfig` with a large payload in the `pools` parameter. Monitoring for unusual or malformed requests to this endpoint may help identify attempts to exploit the buffer overflow.
A proof-of-concept (PoC) involves an HTTP POST request including headers such as Authorization with Digest authentication and Content-Type set to application/x-www-form-urlencoded, targeting the `pools` parameter with an oversized input.
- Use curl or similar tools to send a test POST request to `/goform/formArpBindConfig` with a large `pools` parameter value to check if the system is vulnerable.
- Example curl command (replace <router_ip> and <auth> accordingly):
- curl -X POST http://<router_ip>/goform/formArpBindConfig -H "Authorization: Digest <auth>" -H "Content-Type: application/x-www-form-urlencoded" -d "pools=$(python -c 'print("A"*1000)')&action=some_action"
If the device crashes, becomes unresponsive, or returns errors, it may be vulnerable to this buffer overflow.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the router's web interface, especially the `/goform/formArpBindConfig` endpoint, to trusted networks or IP addresses only.
Disable or limit remote management features if enabled to reduce exposure.
Monitor network traffic for suspicious POST requests targeting the vulnerable endpoint.
Apply any available firmware updates or patches from the vendor that address this vulnerability as soon as they become available.
If no patch is available, consider temporarily replacing the device or isolating it from critical network segments until a fix is applied.