Which versions of UTT HiPER 2610G are affected by CVE-2026-11517?

UTT HiPER 2610G routers (firmware through version 3.0.0-171107) contain a stack buffer overflow vulnerability enabling authenticated attackers to remotely compromise network infrastructure.

Is there a public PoC exploit available for CVE-2026-11517?

Yes, a public proof-of-concept exploit is available for CVE-2026-11517. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-11517?

24 hours: Identify and inventory all UTT HiPER 2610G routers in production; restrict administrative access to these devices from trusted networks only and change any default credentials. 7 days: Implement network segmentation to limit direct administrative access; apply firewall rules to restrict access to the /goform/formConfigDnsFilterGlobal endpoint. 30 days: Monitor vendor advisories for security patches and prioritize firmware upgrades immediately upon availability; evaluate replacement hardware if patches remain unavailable beyond 60 days.

UTT HiPER 2610G CVE-2026-11517

Q: What is the CVSS score of CVE-2026-11517?

CVE-2026-11517 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-35067 HIGH

Classic Buffer Overflow (CWE-120)

2026-06-08 VulDB

GHSA-62vp-x748-29pj

Buffer Overflow Hiper 2610G

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Jun 08, 2026 - 15:43 vuln.today

v3 (cvss_changed)

Analysis Updated

Jun 08, 2026 - 15:42 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Jun 08, 2026 - 15:37 vuln.today

cvss_changed

CVSS changed

Jun 08, 2026 - 15:37 NVD

8.8 (HIGH) 7.4 (HIGH)

Analysis Generated

Jun 08, 2026 - 14:50 vuln.today

DescriptionCVE.org

A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Stack buffer overflow in UTT HiPER 2610G routers (firmware through 3.0.0-171107) allows authenticated remote attackers to corrupt memory by submitting an oversized GroupName parameter to the /goform/formConfigDnsFilterGlobal endpoint, which passes the input to an unsafe strcpy call. Publicly available exploit code exists (disclosed via VulDB and a GitHub PoC), and successful exploitation can compromise confidentiality, integrity, and availability of the device - typically meaning router takeover or denial of service. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon

Identify exposed HiPER 2610G admin UI

Delivery

Obtain low-privilege credentials

Exploit

Authenticate to web interface

Install

POST oversized GroupName to formConfigDnsFilterGlobal

Overflow stack buffer via strcpy

Execute

Hijack control flow on router

Impact

Execute code or crash device