CVE-2026-9632
Deferred Deferred - Pending Action
Stack-Based Buffer Overflow in UTT HiPER 1250GW Web Interface

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: VulDB

Description
A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-16
AI Q&A
2026-05-27
EPSS Evaluated
2026-06-15
NVD
CVE-2026-9632
EUVD
EUVD-2026-32038
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
utt hiper_1250gw to 3.2.7-210907-180535 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-9632 is a buffer overflow vulnerability found in the UTT HiPER 1250GW router firmware up to version 3.2.7-210907-180535. The flaw exists in the Web Management Interface, specifically in the /goform/formGroupConfig endpoint. An attacker can manipulate the Profile parameter, which is passed to an unsafe strcpy function call without proper input length validation. This allows the attacker to overflow the stack buffer by sending excessively long input, potentially causing the router to crash or behave unexpectedly.

The vulnerability can be exploited remotely by sending a specially crafted HTTP POST request with an overly long parameter, leading to denial of service. A proof-of-concept exploit has been published, but the vendor has not yet released a patch.

Impact Analysis

This vulnerability can impact you by allowing a remote attacker to cause a denial of service on your UTT HiPER 1250GW router. By exploiting the buffer overflow, the attacker can crash the device or disrupt its normal operation, potentially leading to network outages or loss of connectivity.

Detection Guidance

This vulnerability can be detected by sending a specially crafted HTTP POST request to the /goform/formGroupConfig endpoint of the UTT HiPER 1250GW router. The request should include an overly long parameter, such as the "Profile" or "notes" parameter, to test for a stack-based buffer overflow.

A proof-of-concept involves sending a malicious HTTP POST request with an excessively long "notes" parameter to observe if the router crashes or behaves unexpectedly, indicating the presence of the vulnerability.

  • Use curl or similar tools to send the crafted POST request, for example:
  • curl -X POST http://[router_ip]/goform/formGroupConfig -d "Profile=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
  • Monitor the router for crashes or abnormal behavior after sending the request.
Mitigation Strategies

Since the vendor UTT has not yet released a patch for this vulnerability, immediate mitigation steps include limiting access to the Web Management Interface to trusted networks only.

Restrict remote access to the affected endpoint (/goform/formGroupConfig) by using firewall rules or network segmentation to prevent unauthorized or external access.

Monitor network traffic for suspicious POST requests targeting the vulnerable endpoint and block or alert on such activity.

Consider disabling the Web Management Interface if it is not required or using alternative secure management methods until a patch is available.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-9632. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart