Publicly Exploitable Buffer Overflow Flaws Disclosed in UTT HiPER Gateway Routers
Two high-severity vulnerabilities have been disclosed in UTT HiPER gateway routers, affecting the HiPER 1250GW and HiPER 1200GW product lines. The flaws, tracked as CVE-2026-5566 and CVE-2026-6186, are buffer overflows in the strcpy handling of the /goform/formNatStaticMap component. In both cases, an attacker can manipulate the NatBind argument to trigger the overflow on vulnerable firmware versions, including HiPER 1250GW up to 3.2.7-210907-180535 and HiPER 1200GW up to 2.5.3-170306.
The vulnerabilities are described as remotely exploitable with low attack complexity, and public exploit disclosure has already been noted for both issues, raising the risk of real-world abuse. The CVE records map the flaws to CWE-119 and CWE-120, indicating classic memory-safety failures with potential impact on confidentiality, integrity, and availability. Organizations using affected UTT devices should urgently identify exposed systems, review vendor advisories and referenced technical details, and prioritize remediation or compensating controls for internet-accessible management interfaces.
Timeline
Apr 13, 2026
CVE-2026-6186 recorded for UTT HiPER 1200GW buffer overflow
A separate CVE entry was recorded for a remote buffer overflow in UTT HiPER 1200GW devices up to version 2.5.3-170306. The vulnerability also involves strcpy in /goform/formNatStaticMap through manipulation of the NatBind argument, with public exploit disclosure noted.
Apr 5, 2026
CVE-2026-5566 recorded for UTT HiPER 1250GW buffer overflow
A CVE entry was recorded for a remotely exploitable buffer overflow in UTT HiPER 1250GW devices up to version 3.2.7-210907-180535. The flaw affects strcpy handling in /goform/formNatStaticMap via the NatBind argument, and public exploit references were noted.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Vulnerabilities
Affected Products
Sources
Related Stories
Remote Buffer Overflows Disclosed in UTT HiPER 1200GW and 1250GW Routers
Two high-severity vulnerabilities have been disclosed in **UTT HiPER** router products, affecting **HiPER 1200GW** devices up to version `2.5.3-170306` and **HiPER 1250GW** devices up to version `3.2.7-210907-180535`. The flaws were assigned **`CVE-2026-4487`** and **`CVE-2026-4488`** and are both described as remotely exploitable buffer overflows tied to unsafe use of the `strcpy` function, with impact spanning confidentiality, integrity, and availability. `CVE-2026-4487` affects the `/goform/websHostFilter` component on the HiPER 1200GW, while `CVE-2026-4488` affects `/goform/setSysAdm` on the HiPER 1250GW, where manipulation of the `GroupName` argument can trigger the overflow. The issues are mapped to **`CWE-119`** and **`CWE-120`**, and public exploit disclosure has been noted for both, increasing the urgency for organizations using these devices to identify exposed systems and prioritize remediation or compensating controls.
1 months ago
Multiple Buffer Overflows Expose UTT HiPER 1250GW Routers to Remote Exploitation
Three high-severity vulnerabilities have been disclosed in **UTT HiPER 1250GW** devices running versions up to `3.2.7-210907-180535`, exposing the routers to remote buffer overflow attacks. The flaws, tracked as **CVE-2026-7418**, **CVE-2026-7419**, and **CVE-2026-7420**, affect `strcpy` handling in the `route/goform/NTP`, `route/goform/formTaskEdit_ap`, and `route/goform/ConfigAdvideo` components respectively. In each case, an attacker can manipulate the `Profile` argument to trigger memory corruption. The vulnerabilities are described as remotely exploitable with low attack complexity and low privileges, and public exploit code is already available. All three CVEs carry high impact ratings across confidentiality, integrity, and availability, and are mapped to **CWE-119** and **CWE-120**, indicating improper bounds handling and classic stack-based buffer overflow conditions. The disclosures point to a broad input-validation weakness in the device web management interface that could enable compromise of affected routers.
3 days ago
Publicly Exploitable Buffer Overflows Disclosed in Tenda FH451 and F453 Routers
Two high-severity vulnerabilities have been disclosed in Tenda router firmware, affecting **FH451 1.0.0.9** and **F453 1.0.0.3**. The flaws are tracked as `CVE-2026-4534` and `CVE-2026-4552` and both involve remotely reachable stack-based buffer overflows in web management handlers. In the FH451 case, the issue is in the `formWrlExtraSet` function exposed through the `/goform/WrlExtraSet` component, where manipulation of the `GO` argument can trigger memory corruption. In the F453 case, the vulnerable code is the `fromVirtualSer` function behind the `/goform/VirtualSer` endpoint, where the `page` argument can be abused to cause a similar overflow. Both CVE records indicate that **public exploits are available**, increasing the likelihood of opportunistic attacks against exposed devices. The disclosures map the weaknesses to `CWE-119` and `CWE-121`, reflecting out-of-bounds memory handling and stack-based buffer overflow conditions, and the published scoring points to high impact on confidentiality, integrity, and availability. Organizations using these Tenda models should treat the flaws as urgent remote compromise risks, especially where router administration interfaces are internet-accessible.
1 months ago