CVE-2026-7419
Buffer Overflow in UTT HiPER 1250GW Firmware
Publication date: 2026-04-29
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | hiper_1250gw | to 3.2.7-210907-180535 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in UTT HiPER 1250GW devices up to version 3.2.7-210907-180535. It is caused by improper handling of the 'Profile' argument in the strcpy function within the file route/goform/formTaskEdit_ap, which leads to a buffer overflow.
Because of this buffer overflow, an attacker can remotely exploit the device without user interaction, potentially executing arbitrary code or causing a denial of service.
The exploit for this vulnerability is publicly available.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized remote code execution, which may allow an attacker to take control of the affected device.
It can also lead to denial of service conditions, disrupting normal operations of the device.
Since the exploit is publicly available, the risk of exploitation is higher, especially if the device is exposed to untrusted networks.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the endpoint route/goform/formTaskEdit_ap on UTT HiPER 1250GW routers running vulnerable firmware versions. Specifically, crafted POST requests manipulating the Profile parameter and not setting the src_6 parameter to "01" may indicate exploitation attempts.
A detection approach could involve capturing network traffic and filtering for POST requests to the vulnerable endpoint. For example, using a tool like tcpdump or tshark:
- tcpdump -i <interface> -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /route/goform/formTaskEdit_ap'
Additionally, inspecting logs on the device or any web application firewall (WAF) for POST requests containing the Profile parameter and unusual values for src_6 can help identify exploitation attempts.
Can you explain this vulnerability to me?
CVE-2026-7419 is a buffer overflow vulnerability found in the UTT HiPER 1250GW router firmware up to version 3.2.7-210907-180535. It occurs in the strcpy function within the route/goform/formTaskEdit_ap endpoint when the Profile parameter is manipulated. Specifically, if the src_6 parameter is not set to "01," the strcpy(dest, src_1) call can overflow the buffer, potentially allowing an attacker to execute arbitrary code or cause a denial of service.
How can this vulnerability impact me? :
This vulnerability can be remotely exploited by an attacker to cause a denial of service or potentially execute arbitrary code on the affected device. Since the exploit is publicly available, attackers can use crafted POST requests to the vulnerable API endpoint to trigger the buffer overflow, which may lead to device crashes, service interruptions, or unauthorized control over the router.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crafted POST requests targeting the route/goform/formTaskEdit_ap endpoint on UTT HiPER 1250GW devices with vulnerable firmware versions. Specifically, look for POST requests manipulating the Profile parameter and where the src_6 parameter is not set to "01."
A practical detection method is to capture network traffic and filter for POST requests to the endpoint route/goform/formTaskEdit_ap. For example, using tcpdump or Wireshark to filter HTTP POST requests to this path.
- tcpdump -i <interface> -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /route/goform/formTaskEdit_ap'
- Use curl or similar tools to test the endpoint manually by sending crafted POST requests with manipulated Profile and src_6 parameters to check for abnormal behavior or crashes.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint by implementing network-level controls such as firewall rules to block unauthorized POST requests to route/goform/formTaskEdit_ap.
Additionally, monitor and filter incoming traffic to detect and block exploit attempts that manipulate the Profile parameter or send malformed requests.
If possible, update the firmware of the UTT HiPER 1250GW device to a version later than v3.2.7-210907-180535 where this vulnerability is fixed.
Until a patch is applied, consider disabling or limiting remote management features that expose the vulnerable API endpoint.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint by implementing network-level controls such as firewall rules to block unauthorized access to the route/goform/formTaskEdit_ap endpoint.
Additionally, monitoring and blocking suspicious POST requests that manipulate the Profile parameter or do not set src_6 to "01" can reduce the risk of exploitation.
If possible, update the firmware of the UTT HiPER 1250GW router to a version later than v3.2.7-210907-180535 where this vulnerability is fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The CVE-2026-7419 vulnerability is a buffer overflow in the UTT HiPER 1250GW router that can be remotely exploited, potentially leading to denial of service or other impacts. Such vulnerabilities can compromise the confidentiality, integrity, and availability of data processed or transmitted by the affected device.
While the provided information does not explicitly mention compliance with standards like GDPR or HIPAA, the presence of a high-severity remote exploitable vulnerability could lead to non-compliance with these regulations. This is because these standards require organizations to ensure the security of personal and sensitive data, and unpatched vulnerabilities that allow unauthorized access or disruption may violate these requirements.