
Remote Buffer Overflows Disclosed in UTT HiPER 1200GW and 1250GW Routers

embedded-device-vulnerability, proof-of-concept-release, internet-exposed-service
Updated March 20, 2026 at 07:07 PM. 2 sources.

Two high-severity vulnerabilities have been disclosed in UTT HiPER router products, affecting HiPER 1200GW devices up to version 2.5.3-170306 and HiPER 1250GW devices up to version 3.2.7-210907-180535. The flaws were assigned CVE-2026-4487 and CVE-2026-4488 and are both described as remotely exploitable buffer overflows tied to unsafe use of the strcpy function, with impact spanning confidentiality, integrity, and availability.

CVE-2026-4487 affects the /goform/websHostFilter component on the HiPER 1200GW, while CVE-2026-4488 affects /goform/setSysAdm on the HiPER 1250GW, where manipulation of the GroupName argument can trigger the overflow. The issues are mapped to CWE-119 and CWE-120, and public exploit disclosure has been noted for both, increasing the urgency for organizations using these devices to identify exposed systems and prioritize remediation or compensating controls.
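The bug class described above, as an added example (not UTT firmware code and not taken from the CVE entries): a constructed form-handler helper showing the unchecked `strcpy` pattern beside a length-checked copy of the `GroupName` field. The 32-byte buffer, the function names and the urlencoded request body are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define GROUP_NAME_MAX 32 /* assumed size; the firmware's real buffer size is not on the page */

/* CWE-120 pattern, for contrast only (never called here): strcpy() copies until
 * the source NUL, so a value of GROUP_NAME_MAX bytes or more writes past dst. */
void copy_group_name_unsafe(char dst[GROUP_NAME_MAX], const char *src) {
    strcpy(dst, src);
}

/* Locate "name=value" in a urlencoded body; return value start, set *len. */
static const char *find_field(const char *body, const char *name, size_t *len) {
    size_t nlen = strlen(name);
    for (const char *p = body; p && *p; ) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            *len = strcspn(p + nlen + 1, "&");
            return p + nlen + 1;
        }
        p = strchr(p, '&');      /* skip to the next field, if any */
        if (p) p++;
    }
    return NULL;
}

/* Hardened copy: 0 on success, -1 field missing, -2 value too long.
 * Overlong input is rejected, not truncated, so the handler can return an error. */
int get_group_name(const char *body, char *dst, size_t dst_size) {
    size_t len;
    const char *v = find_field(body, "GroupName", &len);
    if (v == NULL) return -1;
    if (len >= dst_size) return -2;   /* need room for the terminating NUL */
    memcpy(dst, v, len);
    dst[len] = '\0';
    return 0;
}

int main(void) {
    char name[GROUP_NAME_MAX];
    /* Constructed request bodies, not captured traffic. */
    const char *ok = "action=add&GroupName=staff&enable=1";
    const char *bad = "GroupName=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("ok  -> %d\n", get_group_name(ok, name, sizeof name));
    printf("bad -> %d\n", get_group_name(bad, name, sizeof name));
    return 0;
}
```

Rejecting the request on `-2` also gives a web or proxy log a clear event to alert on when oversized values reach a management endpoint.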

Timeline

  1. Mar 20, 2026

    CVE-2026-4488 received for UTT HiPER 1250GW buffer overflow

    CVE-2026-4488 was received by cna@vuldb.com for a remotely exploitable strcpy buffer overflow in the /goform/setSysAdm component of UTT HiPER 1250GW devices up to version 3.2.7-210907-180535. The flaw involves manipulation of the GroupName argument, and the entry noted public exploit information and high-impact CVSS assessments.

  2. Mar 20, 2026

    CVE-2026-4487 recorded for UTT HiPER 1200GW buffer overflow

    A new CVE entry, CVE-2026-4487, was recorded for a remotely exploitable strcpy buffer overflow in the /goform/websHostFilter component of UTT HiPER 1200GW devices up to version 2.5.3-170306. The entry noted public exploit disclosure and high impact to confidentiality, integrity, and availability.



Related Stories

Publicly Exploitable Buffer Overflow Flaws Disclosed in UTT HiPER Gateway Routers


Two high-severity vulnerabilities have been disclosed in UTT HiPER gateway routers, affecting the **HiPER 1250GW** and **HiPER 1200GW** product lines. The flaws, tracked as `CVE-2026-5566` and `CVE-2026-6186`, are buffer overflows in the `strcpy` handling of the `/goform/formNatStaticMap` component. In both cases, an attacker can manipulate the `NatBind` argument to trigger the overflow on vulnerable firmware versions, including HiPER 1250GW up to `3.2.7-210907-180535` and HiPER 1200GW up to `2.5.3-170306`. The vulnerabilities are described as **remotely exploitable** with **low attack complexity**, and public exploit disclosure has already been noted for both issues, raising the risk of real-world abuse. The CVE records map the flaws to `CWE-119` and `CWE-120`, indicating classic memory-safety failures with potential impact on confidentiality, integrity, and availability. Organizations using affected UTT devices should urgently identify exposed systems, review vendor advisories and referenced technical details, and prioritize remediation or compensating controls for internet-accessible management interfaces.

2 weeks ago
Multiple Buffer Overflows Expose UTT HiPER 1250GW Routers to Remote Exploitation


Three high-severity vulnerabilities have been disclosed in **UTT HiPER 1250GW** devices running versions up to `3.2.7-210907-180535`, exposing the routers to remote buffer overflow attacks. The flaws, tracked as **CVE-2026-7418**, **CVE-2026-7419**, and **CVE-2026-7420**, affect `strcpy` handling in the `route/goform/NTP`, `route/goform/formTaskEdit_ap`, and `route/goform/ConfigAdvideo` components respectively. In each case, an attacker can manipulate the `Profile` argument to trigger memory corruption. The vulnerabilities are described as remotely exploitable with low attack complexity and low privileges, and public exploit code is already available. All three CVEs carry high impact ratings across confidentiality, integrity, and availability, and are mapped to **CWE-119** and **CWE-120**, indicating improper bounds handling and classic stack-based buffer overflow conditions. The disclosures point to a broad input-validation weakness in the device web management interface that could enable compromise of affected routers.

3 days ago
Stack-Based Overflows in Tenda FH451 and FH1201 Routers Expose Remote Attack Path


Two high-severity vulnerabilities have been disclosed in Tenda router firmware, affecting **FH451 `1.0.0.9`** and **FH1201 `1.2.0.14(408)`**. The flaws, tracked as **`CVE-2026-4535`** and **`CVE-2026-5045`**, are stack-based buffer overflows in the `WrlclientSet` function exposed through the `/goform/WrlclientSet` endpoint. In both cases, an attacker can trigger the issue by manipulating the `GO` argument, creating a remotely reachable attack path against the devices' web management interface. Both CVEs are classified under **`CWE-119`** and **`CWE-121`**, and published scoring indicates high impact to **confidentiality, integrity, and availability**, with some vectors rating the flaws at critical severity. Public exploit information is already available for both issues, raising the risk of real-world exploitation against unpatched internet-exposed routers and embedded deployments using the affected firmware.

1 month ago
