CVE-2026-10293
Deferred Deferred - Pending Action
Stack-Based Buffer Overflow in UTT HiPER 1200GW

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: VulDB

Description
A flaw has been found in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/formFireWall. This manipulation of the argument Profile causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2026-10293
EUVD
EUVD-2026-33816
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
utt hiper_1200gw to 2.5.3-170306 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-121 A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a flaw found in the UTT HiPER 1200GW device up to version 2.5.3-170306. It affects the strcpy function in the file /goform/formFireWall. Specifically, manipulating the argument named Profile causes a stack-based buffer overflow, which means that an attacker can overwrite parts of the device's memory.

Because the vulnerability is a buffer overflow, it can be exploited remotely, allowing an attacker to potentially execute arbitrary code or cause the device to crash.

The exploit for this vulnerability has already been published and may be used by attackers.

Impact Analysis

This vulnerability can have severe impacts because it allows remote attackers to exploit a stack-based buffer overflow in the device.

  • Confidentiality impact: High - attackers may gain unauthorized access to sensitive information.
  • Integrity impact: High - attackers may alter or manipulate data.
  • Availability impact: High - attackers may cause denial of service or crash the device.

Overall, this vulnerability can lead to complete compromise of the affected device, potentially allowing attackers to control it remotely.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious POST requests to the /goform/formFireWall endpoint, especially those containing unusually long 'destAddr' parameter values combined with 'destIP' set to 'ipRange'.

A practical detection method is to capture and analyze network traffic for such requests.

  • Use a network packet capture tool like tcpdump or Wireshark to filter HTTP POST requests to /goform/formFireWall.
  • Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep '/goform/formFireWall'
  • Inspect captured HTTP POST data for the presence of 'destIP=ipRange' and excessively long 'destAddr' parameters.

Additionally, checking router logs for repeated or malformed requests to this endpoint may help identify exploitation attempts.

Mitigation Strategies

Immediate mitigation steps include restricting access to the /goform/formFireWall endpoint to trusted users only, as the exploit requires valid Digest authentication credentials.

Implement network-level controls such as firewall rules to block suspicious POST requests targeting this endpoint.

Monitor and block requests with unusually long 'destAddr' parameter values or those with 'destIP' set to 'ipRange'.

If possible, upgrade the firmware of the UTT HiPER 1200GW device to a version where this vulnerability is patched.

Until a patch is applied, consider disabling or limiting the use of the vulnerable formFireWall functionality if feasible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10293. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart