CVE-2026-4862

HIGH

UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow

Title source: cna

Description

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

References (4)

[Exploit] https://github.com/kirlic123/IOTvulner/blob/main/309-1/5.md

View Exploit ZIP pw:eip

[Vdb Entry, Technical Description] https://vuldb.com/?id.353193

[Signature, Permissions Required] https://vuldb.com/?ctiid.353193

[Third Party Advisory] https://vuldb.com/?submit.776230

Scores

CVSS v3 8.8

EPSS 0.0005

EPSS Percentile 16.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-119 CWE-120

Status published

Products (1)

UTT/HiPER 1250GW 3.2.7-210907-180535

Published Mar 26, 2026

Tracked Since Mar 26, 2026