CVE-2026-10292
Stack-Based Buffer Overflow in UTT HiPER 1200GW
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | hiper_1200gw | to 2.5.3-170306 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability is a stack-based buffer overflow in the UTT HiPER 1200GW router that can be exploited remotely to cause denial of service or potentially allow arbitrary code execution.
Such a vulnerability could impact compliance with standards like GDPR or HIPAA because it threatens the confidentiality, integrity, and availability of data processed or transmitted by the affected device.
Specifically, the CVSS scores indicate high impact on confidentiality, integrity, and availability, which are core principles in these regulations.
However, the provided information does not explicitly discuss compliance implications or mitigation steps related to these standards.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a specially crafted POST request to the /goform/formTaskEdit endpoint of the UTT HiPER 1200GW router. The request should include an excessively long selDateType parameter set to "01" to trigger the buffer overflow condition.
A detection command example using curl would be:
- curl -X POST http://<target-ip>/goform/formTaskEdit -d "selDateType=01<very_long_string>"
If the device is vulnerable, it may crash, become unresponsive, or exhibit abnormal behavior indicating a buffer overflow.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the affected device's web interface to trusted networks only, such as internal management networks.
Additionally, monitor the device for unusual behavior or crashes that may indicate exploitation attempts.
Applying any available firmware updates from the vendor that address this vulnerability is strongly recommended once released.
Can you explain this vulnerability to me?
This vulnerability exists in the UTT HiPER 1200GW device up to version 2.5.3-170306. It is caused by improper use of the strcpy function in the /goform/formTaskEdit file, which leads to a stack-based buffer overflow. This means that an attacker can send specially crafted input to this function, causing it to overwrite parts of the memory stack, potentially allowing remote code execution or other malicious actions.
How can this vulnerability impact me? :
The vulnerability can have severe impacts because it allows remote attackers to exploit a stack-based buffer overflow. According to the CVSS scores, it has a high severity with potential to compromise confidentiality, integrity, and availability of the affected system. An attacker could execute arbitrary code, disrupt services, or gain unauthorized access.