CVE-2026-31066
Buffer Overflow in UTT Aggressive HiPER 810G Causes DoS
Publication date: 2026-04-06
Last updated on: 2026-04-10
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 810g_firmware | to 1.7.7-171114 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-31066 is a buffer overflow vulnerability found in the UTT HiPER 810G router firmware versions up to v3v1.7.7-171114. It occurs in the handling of HTTP POST requests to the /goform/formTaskEdit endpoint, specifically when the selDateType parameter is set to "01".
The vulnerability arises because the router's firmware uses the unsafe strcpy function to copy data into a buffer without checking the input size, allowing an attacker to overflow the buffer by sending an excessively long string in the selDateType parameter.
This improper input validation can lead to memory corruption, potentially causing denial of service (DoS) or even arbitrary code execution.
Exploitation requires authentication via Digest authentication with valid credentials.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing an attacker to cause a denial of service (DoS) on the affected router, disrupting network connectivity and router operation.
In some cases, the buffer overflow could be exploited to execute arbitrary code, potentially allowing an attacker to take control of the router or manipulate its functions.
However, exploitation requires valid credentials due to Digest authentication, which limits the attack to authenticated users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP POST requests to the endpoint /goform/formTaskEdit on the UTT HiPER 810G router. Specifically, look for POST requests where the parameter selDateType is set to "01" with an unusually large payload, which may indicate an attempt to exploit the buffer overflow.
A practical detection method is to capture and analyze network traffic targeting the router, filtering for POST requests to /goform/formTaskEdit with selDateType=01.
Example command using curl to test the vulnerability (requires valid Digest authentication credentials):
- curl -X POST -u username:password --digest -d "selDateType=01&other_params=..." http://<router_ip>/goform/formTaskEdit
To detect potential exploitation attempts on the network, you can use packet capture tools like tcpdump or Wireshark with filters such as:
- tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
- Then search for POST requests to /goform/formTaskEdit with selDateType=01 and unusually large payloads.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected router's management interface to trusted networks only, thereby reducing exposure to potential attackers.
Ensure that only authorized users with valid credentials can access the /goform/formTaskEdit endpoint, as exploitation requires Digest authentication.
Monitor and block suspicious HTTP POST requests with selDateType=01 containing abnormally large payloads to prevent exploitation attempts.
If available, update the router firmware to a version that patches this buffer overflow vulnerability.