CVE-2026-7513
Buffer Overflow in UTT HiPER 1200GW Firmware
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | hiper_1200gw | to 2.5.3-170306 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-7513 is a buffer overflow vulnerability found in the UTT HiPER 1200GW router firmware versions up to 2.5.3-170306. The flaw exists in the /goform/formRemoteControl endpoint, specifically in the strcpy function, which improperly handles input without sufficient validation.
An attacker can exploit this vulnerability by sending a specially crafted POST request with a parameter that exceeds the expected buffer size, causing memory to be overwritten.
This can lead to arbitrary code execution, denial of service, or other malicious actions by gaining control over the device remotely.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including allowing a remote attacker to execute arbitrary code on the affected router, potentially taking full control of the device.
Such control can be used to disrupt network services by triggering denial of service conditions or to manipulate network traffic and data.
Because the exploit can be initiated remotely without user interaction, it poses a significant security risk to networks using the vulnerable device.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for specially crafted POST requests sent to the /goform/formRemoteControl endpoint of the UTT HiPER 1200GW router. These requests contain an abnormally long 'Profile' parameter designed to overflow the buffer.
A practical detection method is to capture and analyze HTTP POST traffic targeting the /goform/formRemoteControl path and look for unusually long or malformed 'Profile' parameters.
- Use network packet capture tools like tcpdump or Wireshark to filter HTTP POST requests to /goform/formRemoteControl.
- Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/formRemoteControl'
- Use tools like curl or custom scripts to send test POST requests with long 'Profile' parameters to verify if the system is vulnerable.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable /goform/formRemoteControl endpoint to trusted networks only, such as by implementing firewall rules or access control lists.
Avoid exposing the router's web interface to untrusted networks or the internet.
Monitor network traffic for suspicious POST requests targeting the vulnerable endpoint and block or alert on such activity.
If available, update the router firmware to a version that patches this vulnerability.
If no patch is available, consider disabling remote management features or the affected service to prevent exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the CVE-2026-7513 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.