CVE-2026-7418
Buffer Overflow in UTT HiPER 1250GW Firmware
Publication date: 2026-04-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | hiper_1250gw | to 3.2.7-210907-180535 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unusual or crafted POST requests sent to the /goform/NTP endpoint of the UTT HiPER 1250GW router. Specifically, look for POST requests where the "Profile" parameter contains an excessively long string, which triggers the buffer overflow.
Detection can involve capturing network traffic and filtering for POST requests to /goform/NTP with suspiciously long Profile parameters, especially when time_zone and NTPServerIP parameters are non-empty and SntpEnable is set to "on".
- Use a network packet capture tool like tcpdump or Wireshark to capture HTTP POST requests to the router's /goform/NTP endpoint.
- Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/NTP'
- Inspect captured POST requests for the "Profile" parameter length and check if it is unusually long.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, avoid exposing the UTT HiPER 1250GW router's management interface to untrusted networks.
Disable the SNTP service by setting SntpEnable to "off" if it is not required, as the vulnerability is triggered when SntpEnable is "on".
Restrict or filter incoming traffic to the /goform/NTP endpoint to prevent malicious POST requests with crafted Profile parameters.
Monitor for firmware updates or patches from the vendor that address this buffer overflow vulnerability and apply them as soon as they become available.
Can you explain this vulnerability to me?
This vulnerability exists in the UTT HiPER 1250GW device up to version 3.2.7-210907-180535. It affects the strcpy function in the file route/goform/NTP. By manipulating the argument named Profile, an attacker can cause a buffer overflow.
The vulnerability can be exploited remotely, meaning an attacker does not need physical access to the device to launch an attack. The exploit has been publicly disclosed and may be used by attackers.
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to a buffer overflow, which may allow an attacker to execute arbitrary code or cause a denial of service on the affected device.
Because the attack can be launched remotely, it increases the risk of unauthorized access or control over the device, potentially compromising the confidentiality, integrity, and availability of the system.
Can you explain this vulnerability to me?
CVE-2026-7418 is a buffer overflow vulnerability in the UTT HiPER 1250GW router's NTP configuration interface, specifically in the /goform/NTP endpoint. It occurs because the strcpy function is used without proper boundary checks when handling the "Profile" parameter.
An attacker can exploit this vulnerability by sending a crafted POST request with an excessively long "Profile" parameter, which causes the buffer overflow. This happens when the time_zone and NTPServerIP parameters are non-empty and SntpEnable is set to "on".
How can this vulnerability impact me? :
Exploiting this vulnerability can lead to a denial of service (DoS) attack on the affected router. The buffer overflow may cause the device to crash or behave unpredictably, disrupting network connectivity and services.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the /goform/NTP endpoint on the UTT HiPER 1250GW router. Specifically, look for requests where the "Profile" parameter is excessively long, which triggers the buffer overflow.
Detection can involve capturing network traffic and filtering for POST requests to /goform/NTP with non-empty time_zone and NTPServerIP parameters and SntpEnable set to "on".
A possible command to detect such attempts using tcpdump could be:
- tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/NTP'
Alternatively, inspecting web server logs for POST requests to /goform/NTP with unusually long Profile parameters can help identify exploitation attempts.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling the SNTP service or setting SntpEnable to "off" if possible, to prevent the vulnerable code path from being triggered.
Restrict access to the router's management interface, especially the /goform/NTP endpoint, by limiting network access or applying firewall rules.
Monitor for suspicious POST requests with long Profile parameters and block or alert on such traffic.
Apply any available firmware updates from the vendor that address this vulnerability.