CVE-2026-9628
Deferred Deferred - Pending Action
Stack-Based Buffer Overflow in UTT HiPER 1200GW Web Interface

Publication date: 2026-05-27

Last updated on: 2026-05-28

Assigner: VulDB

Description
A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. This manipulation of the argument PPTP server address/username/password/tunnel name causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-28
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-9628
EUVD
EUVD-2026-32031
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
utt hiper_1200gw to 2.5.3-170306 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-9628 is a buffer overflow vulnerability in the UTT HiPER 1200GW router firmware up to version 2.5.3-170306. It occurs in the Web Management Interface, specifically in the /goform/formPptpClientConfig endpoint. An attacker can send specially crafted requests manipulating arguments like PPTP server address, username, password, or tunnel name, causing a stack-based buffer overflow.

This overflow allows the attacker to overwrite memory, potentially leading to system instability, denial of service, or execution of arbitrary code. The vulnerability can be exploited remotely without user interaction.

Impact Analysis

Exploitation of this vulnerability can lead to serious impacts including denial of service by crashing the device or executing arbitrary code remotely. This means an attacker could take control of the affected router, disrupt network connectivity, or compromise the device's security.

Detection Guidance

This vulnerability can be detected by monitoring for specially crafted POST requests targeting the /goform/formPptpClientConfig or /goform/formUser endpoints on the UTT HiPER 1200GW router. Specifically, requests containing unusually long or malformed inputs in parameters such as 'EncryptionMode' may indicate exploitation attempts.

A practical detection method is to capture and analyze network traffic for POST requests to these endpoints with suspiciously long parameter values that could trigger the buffer overflow.

Example commands to detect such attempts might include using tools like tcpdump or tshark to filter HTTP POST requests to the vulnerable endpoints:

  • tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/formPptpClientConfig'
  • tshark -Y 'http.request.method == "POST" and http.request.uri contains "/goform/formUser"' -T fields -e http.file_data

Inspect the captured data for abnormally long strings in parameters like 'EncryptionMode' which may indicate an exploit attempt.

Mitigation Strategies

Immediate mitigation steps include restricting access to the Web Management Interface of the UTT HiPER 1200GW router to trusted networks only, such as via firewall rules or network segmentation.

Additionally, monitor and block suspicious POST requests to the /goform/formPptpClientConfig and /goform/formUser endpoints that contain unusually long or malformed parameters.

If possible, update the router firmware to a version later than 2.5.3-170306 where the vulnerability is fixed.

Until a patch is available, disabling the PPTP client configuration feature or the Web Management Interface temporarily can reduce exposure.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9628. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart