CVE-2026-9631
Stack-Based Buffer Overflow in UTT HiPER 1250GW Web Interface
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | hiper_1250gw | to 3.2.7-210907-180535 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability allows remote attackers to cause a denial of service by crashing the affected device. Exploiting the buffer overflow can disrupt network connectivity and availability of the UTT HiPER 1250GW router, potentially leading to downtime and loss of access to network resources.
Can you explain this vulnerability to me?
CVE-2026-9631 is a buffer overflow vulnerability found in the UTT HiPER 1250GW router firmware up to version 3.2.7-210907-180535. The flaw exists in the function formConfigFastDirectionW within the Web Management Interface, specifically in the handling of the Profile parameter. Due to a lack of boundary checks, an attacker can send a crafted POST request with an excessively long SSID value, causing the strcpy operation to overflow a stack buffer.
This vulnerability can be exploited remotely without authentication by sending a specially crafted request to the /goform/formConfigFastDirectionW endpoint, leading to a denial of service by crashing the device.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the /goform/formConfigFastDirectionW endpoint on the UTT HiPER 1250GW router. Specifically, look for requests where the Profile parameter or the ssid parameter contains an excessively long string, which triggers the buffer overflow.
A practical detection method is to capture and analyze HTTP POST traffic targeting the router's web management interface and check for unusually long values in the ssid or Profile fields.
Example command using curl to test the vulnerability (this command triggers the overflow and should be used carefully in a controlled environment):
- curl -X POST http://[router_ip]/goform/formConfigFastDirectionW -d "Profile=aaaa...aaa"
Replace the 'aaaa...aaa' with a very long string to simulate the exploit payload. Monitoring for crashes or abnormal behavior after such requests indicates the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the router's web management interface to trusted networks only, such as by using firewall rules or network segmentation.
Additionally, monitor and block suspicious POST requests to the /goform/formConfigFastDirectionW endpoint, especially those containing unusually long Profile or ssid parameters.
If possible, disable remote management features temporarily until a firmware update or patch is available.
Finally, check with the vendor for any available firmware updates that address this vulnerability and apply them as soon as possible.