CVE-2026-10292
Deferred - Pending Action
Stack-Based Buffer Overflow in UTT HiPER 1200GW

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used.
Meta Information
Published: 2026-06-01
Last Modified: 2026-06-01
Generated: 2026-06-22
AI Q&A: 2026-06-02
EPSS Evaluated: 2026-06-21
Affected Vendors & Products
Vendor: utt
Product: hiper_1200gw
Version / Range: to 2.5.3-170306 (inc)
CWE ID: Description
CWE-119: The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121: A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Compliance Impact

The vulnerability is a stack-based buffer overflow in the UTT HiPER 1200GW router that can be exploited remotely to cause denial of service or potentially allow arbitrary code execution.

Such a vulnerability could impact compliance with standards like GDPR or HIPAA because it threatens the confidentiality, integrity, and availability of data processed or transmitted by the affected device.

Specifically, the CVSS scores indicate high impact on confidentiality, integrity, and availability, which are core principles in these regulations.

However, the provided information does not explicitly discuss compliance implications or mitigation steps related to these standards.

Executive Summary

This vulnerability exists in the UTT HiPER 1200GW device up to version 2.5.3-170306. It is caused by improper use of the strcpy function in the /goform/formTaskEdit file, which leads to a stack-based buffer overflow. This means that an attacker can send specially crafted input to this function, causing it to overwrite parts of the memory stack, potentially allowing remote code execution or other malicious actions.
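
The unbounded-copy pattern described above, next to a bounded replacement, as an added example that is not UTT's firmware code. The handler names, FIELD_MAX and copy_form_field are hypothetical, and the real buffer size is not given on this page.

```c
#include <stddef.h>
#include <string.h>

/* Constructed for illustration: the firmware's real buffer size and handler
 * source are not on this page. */
#define FIELD_MAX 16

/* Unsafe pattern (CWE-121): strcpy copies until the NUL terminator of the
 * request value and ignores the size of the destination stack buffer. */
int task_edit_unsafe(const char *sel_date_type)
{
    char field[FIELD_MAX];
    strcpy(field, sel_date_type);  /* writes past field[] when input >= FIELD_MAX bytes */
    return field[0] != '\0';
}

/* Hardened pattern: look for the terminator within dst_size bytes, reject
 * the value if it is not there, then copy a known length.
 * Returns 0 on success, -1 when the value is missing or too long. */
int copy_form_field(char *dst, size_t dst_size, const char *src)
{
    const char *end;
    size_t len;

    if (dst == NULL || dst_size == 0 || src == NULL)
        return -1;
    end = memchr(src, '\0', dst_size);  /* stops at the first NUL */
    if (end == NULL) {                  /* no NUL in range: value would not fit */
        dst[0] = '\0';
        return -1;
    }
    len = (size_t)(end - src);
    memcpy(dst, src, len + 1);          /* len + 1 <= dst_size, includes the NUL */
    return 0;
}

/* Same handler shape as the unsafe one, but oversize input is refused
 * instead of being copied. Returns -1 on rejection. */
int task_edit_safe(const char *sel_date_type)
{
    char field[FIELD_MAX];
    if (copy_form_field(field, sizeof field, sel_date_type) != 0)
        return -1;                      /* answer with an error, do not process */
    return field[0] != '\0';
}
```

Rejecting the oversize value, rather than silently truncating it, keeps the handler from acting on a partial field.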

Impact Analysis

The vulnerability can have severe impacts because it allows remote attackers to exploit a stack-based buffer overflow. According to the CVSS scores, it has a high severity with potential to compromise confidentiality, integrity, and availability of the affected system. An attacker could execute arbitrary code, disrupt services, or gain unauthorized access.

Detection Guidance

This vulnerability can be detected by sending a specially crafted POST request to the /goform/formTaskEdit endpoint of the UTT HiPER 1200GW router. The request should include a selDateType parameter that starts with "01" and is followed by an excessively long string, which triggers the buffer overflow condition.

A detection command example using curl would be:

  • curl -X POST http://<target-ip>/goform/formTaskEdit -d "selDateType=01<very_long_string>"

If the device is vulnerable, it may crash, become unresponsive, or exhibit abnormal behavior indicating a buffer overflow.

Mitigation Strategies

Immediate mitigation steps include restricting access to the affected device's web interface to trusted networks only, such as internal management networks.

Additionally, monitor the device for unusual behavior or crashes that may indicate exploitation attempts.

Applying any available firmware updates from the vendor that address this vulnerability is strongly recommended once released.
