What is the CVSS score of CVE-2026-2981?

CVE-2026-2981 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of 810g Firmware are affected by CVE-2026-2981?

A critical buffer overflow vulnerability (CVE-2026-2981) affects UTT HiPER 810G access points up to version 1.7.7-1711, allowing unauthenticated attackers to execute arbitrary code with CVSS 8.8…

Is there a public PoC exploit available for CVE-2026-2981?

Yes, a public proof-of-concept exploit is available for CVE-2026-2981. Prioritise patching immediately. EPSS: 0.1%.

810g Firmware CVE-2026-2981

HIGH

Buffer Overflow (CWE-119)

2026-02-23 cna@vuldb.com

Buffer Overflow 810g Firmware

8.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 24, 2026 - 20:02 vuln.today

Public exploit code

CVE Published

Feb 23, 2026 - 09:17 nvd

HIGH 8.8

DescriptionNVD

A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.

AnalysisAI

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 allows authenticated remote attackers to execute arbitrary code by exploiting a buffer overflow in the /goform/formTaskEdit_ap endpoint. An attacker can trigger the vulnerability by crafting a malicious txtMin2 parameter that overflows the strcpy function, and public exploit code exists for this flaw. …

RemediationAI

Within 24 hours: Identify and inventory all UTT HiPER 810G devices running version 1.7.7-1711 or earlier; isolate affected devices from production networks if possible and implement network segmentation. Within 7 days: Deploy WAF rules and IDS/IPS signatures to detect exploitation attempts on the /goform/formTaskEdit_ap endpoint; disable remote management interfaces if operationally feasible. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-2981 vulnerability details – vuln.today

Back

810g Firmware CVE-2026-2981

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code