CVE-2026-9632
Stack-Based Buffer Overflow in UTT HiPER 1250GW Web Interface
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | hiper_1250gw | up to 3.2.7-210907-180535 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-9632 is a buffer overflow vulnerability found in the UTT HiPER 1250GW router firmware up to version 3.2.7-210907-180535. The flaw exists in the Web Management Interface, specifically in the /goform/formGroupConfig endpoint. An attacker can manipulate the Profile parameter, which is passed to an unsafe strcpy function call without proper input length validation. This allows the attacker to overflow the stack buffer by sending excessively long input, potentially causing the router to crash or behave unexpectedly.
The vulnerability can be exploited remotely by sending a specially crafted HTTP POST request with an overly long parameter, leading to denial of service. A proof-of-concept exploit has been published, but the vendor has not yet released a patch.
How can this vulnerability impact me?
This vulnerability can impact you by allowing a remote attacker to cause a denial of service on your UTT HiPER 1250GW router. By exploiting the buffer overflow, the attacker can crash the device or disrupt its normal operation, potentially leading to network outages or loss of connectivity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted HTTP POST request to the /goform/formGroupConfig endpoint of the UTT HiPER 1250GW router. The request should include an overly long parameter, such as the "Profile" or "notes" parameter, to test for a stack-based buffer overflow.
A proof-of-concept involves sending a malicious HTTP POST request with an excessively long "notes" parameter to observe if the router crashes or behaves unexpectedly, indicating the presence of the vulnerability.
- Use curl or similar tools to send the crafted POST request, for example:
- curl -X POST http://[router_ip]/goform/formGroupConfig -d "Profile=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- Monitor the router for crashes or abnormal behavior after sending the request.
What immediate steps should I take to mitigate this vulnerability?
Since the vendor UTT has not yet released a patch for this vulnerability, immediate mitigation steps include limiting access to the Web Management Interface to trusted networks only.
Restrict remote access to the affected endpoint (/goform/formGroupConfig) by using firewall rules or network segmentation to prevent unauthorized or external access.
Monitor network traffic for suspicious POST requests targeting the vulnerable endpoint and block or alert on such activity.
Consider disabling the Web Management Interface if it is not required or using alternative secure management methods until a patch is available.
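The monitoring step above can be prototyped as a small request inspector. This is an added example, not vendor or VulDB code: it flags POST requests to /goform/formGroupConfig whose "Profile" or "notes" value exceeds a length threshold after URL decoding. The 64-byte threshold, the helper names and the sample requests are assumptions made for illustration; the page does not state the buffer size.

```python
from urllib.parse import parse_qsl, unquote

ENDPOINT = "/goform/formGroupConfig"  # endpoint named in the advisory
WATCHED = ("Profile", "notes")        # parameters the page mentions
MAX_LEN = 64  # assumed alert threshold; the page gives no buffer size

def inspect_request(raw: bytes):
    """Return [(param, decoded_length)] for oversized watched parameters."""
    head, _, body = raw.partition(b"\r\n\r\n")
    try:
        method, target, _ = head.split(b"\r\n")[0].decode("latin-1").split(" ", 2)
    except ValueError:
        return []  # not a parseable request line
    path, _, query = target.partition("?")
    if method.upper() != "POST" or unquote(path).rstrip("/").lower() != ENDPOINT.lower():
        return []
    # Parameters can arrive in the query string or the form body; measure
    # the decoded length, since that is what the handler would copy.
    pairs = parse_qsl(query, keep_blank_values=True)
    pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return [(n, len(v)) for n, v in pairs if n in WATCHED and len(v) > MAX_LEN]

def _req(method, target, body=""):
    return (f"{method} {target} HTTP/1.1\r\nHost: router.example\r\n"
            f"Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")

# Constructed sample traffic, not captured from a real device.
SAMPLES = {
    "benign": _req("POST", ENDPOINT, "Profile=office&notes=guest+vlan"),
    "oversized": _req("POST", ENDPOINT, "Profile=" + "A" * 300),
    "encoded": _req("POST", ENDPOINT + "?notes=" + "%41" * 100),
    "other": _req("POST", "/goform/other", "Profile=" + "A" * 300),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inspect_request(raw))
```

The same length rule can be carried into a reverse proxy or IDS signature placed in front of the management interface; tune the threshold against the longest legitimate profile names in use.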