CVE-2026-9627
Deferred Deferred - Pending Action
Buffer Overflow in UTT HiPER 1200GW Web Interface

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: VulDB

Description
A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-9627
EUVD
EUVD-2026-32030
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
utt hiper_1200gw to 2.5.3-170306 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in UTT HiPER 1200GW allows remote attackers to execute arbitrary code or cause denial of service via a buffer overflow in the web management interface. This can lead to unauthorized access or control over the device.

Such unauthorized access or compromise of device integrity could result in exposure or manipulation of sensitive data, potentially violating data protection regulations like GDPR or HIPAA that require safeguarding personal or health information.

Therefore, this vulnerability poses a risk to compliance with common standards and regulations by undermining the security controls necessary to protect sensitive data.

Executive Summary

CVE-2026-9627 is a buffer overflow vulnerability found in the UTT HiPER 1200GW router firmware up to version 2.5.3-170306. The flaw exists in the Web Management Interface, specifically in the /goform/setSysAdm endpoint.

An attacker can exploit this vulnerability by sending a specially crafted request with an excessively long password parameter. This triggers a buffer overflow in the strcpy function, which copies data without properly checking the input length.

As a result, the attacker can cause arbitrary code execution or denial of service by overflowing the memory buffer.

Impact Analysis

This vulnerability can have serious impacts including allowing a remote attacker to execute arbitrary code on the affected device or cause it to crash, resulting in denial of service.

Such exploitation could lead to unauthorized control over the router, potentially compromising network security and availability.

Detection Guidance

This vulnerability can be detected by monitoring for unusual or suspicious HTTP POST requests to the /goform/setSysAdm endpoint on the UTT HiPER 1200GW router.

Specifically, detection involves identifying POST requests containing an excessively long password parameter (passwd1), such as a string of 256 characters, which triggers the buffer overflow.

You can use network monitoring tools or packet capture utilities like tcpdump or Wireshark to filter HTTP POST requests to /goform/setSysAdm and inspect the length of the passwd1 parameter.

  • Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/setSysAdm'
  • Use tools like curl or custom scripts to send test POST requests with long passwd1 parameters to verify if the system is vulnerable.
Mitigation Strategies

Immediate mitigation steps include restricting access to the Web Management Interface, especially the /goform/setSysAdm endpoint, to trusted networks or IP addresses only.

Additionally, monitor and block suspicious POST requests with unusually long passwd1 parameters to prevent exploitation.

If possible, update the firmware of the UTT HiPER 1200GW router to a version later than 2.5.3-170306 where this vulnerability is fixed.

Until a patch is available, consider disabling remote management features or the Web Management Interface if not strictly necessary.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9627. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart