Skip to main content

810g Firmware CVE-2026-31061

| EUVDEUVD-2026-19257 MEDIUM
Classic Buffer Overflow (CWE-120)
2026-04-06 cve@mitre.org GHSA-rx8h-94vm-wff9
4.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.5 MEDIUM
AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 06, 2026 - 15:22 euvd
EUVD-2026-19257
Analysis Generated
Apr 06, 2026 - 15:22 vuln.today
CVE Published
Apr 06, 2026 - 15:17 nvd
MEDIUM 4.5

DescriptionCVE.org

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timestart parameter of the ConfigAdvideo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

AnalysisAI

Buffer overflow in UTT Aggressive HiPER 810G v3 v1.7.7-171114 ConfigAdvideo function allows authenticated local attackers with high privileges to cause denial of service by crafting malicious input to the timestart parameter. The vulnerability scores low-to-moderate risk (CVSS 4.5) due to strict prerequisites: network access limited to adjacent network only, high privilege requirement, and impact restricted to availability.

Technical ContextAI

This vulnerability is a classic stack-based or heap-based buffer overflow (CWE-120: Buffer Copy without Checking Size of Input) in a video configuration function of an IP surveillance appliance. The timestart parameter lacks input validation and boundary checking when processed by the ConfigAdvideo function. UTT Aggressive HiPER 810G v3 is a network video recorder/surveillance device; the vulnerability exists specifically in firmware version 1.7.7-171114. Attackers exploiting this would craft oversized or specially formatted input that overwrites adjacent memory, leading to process crash or device malfunction rather than code execution due to modern mitigations.

RemediationAI

Contact UTT or check the vendor support portal for a firmware update beyond version 1.7.7-171114. As patch version information is not provided in available references, confirm with the device manufacturer whether a fixed firmware release is available and proceed with upgrade following the vendor's documented firmware update procedure. Until a patch is available, restrict administrative access to the device configuration interface to trusted personnel only and monitor the adjacent network for suspicious configuration attempts. The GitHub link (https://github.com/zxq0408/Vul202601/blob/main/1.md) may contain proof-of-concept details but should not be considered a reliable remediation source; refer to official UTT channels for patches.

CVE-2026-2086 HIGH POC
8.8 Feb 07

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows authenticated attackers to achieve

CVE-2026-3016 HIGH POC
8.8 Feb 23

Remote code execution in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated attackers to achieve f

CVE-2026-3015 HIGH POC
8.8 Feb 23

Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated remote attackers to achieve

CVE-2026-2981 HIGH POC
8.8 Feb 23

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 allows authenticated remote attackers to exe

CVE-2026-2904 HIGH POC
8.8 Feb 22

Unauthenticated remote attackers can achieve complete system compromise through a buffer overflow in the UTT HiPER 810G

CVE-2026-3815 HIGH POC
8.8 Mar 09

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 via a buffer overflow in the /goform/formApM

CVE-2026-3814 HIGH POC
8.8 Mar 09

Unauthenticated remote attackers can achieve complete system compromise (code execution, data theft, and denial of servi

CVE-2026-3700 HIGH POC
8.8 Mar 08

Remote code execution in UTT HiPER 810G firmware up to version 1.7.7-171114 through a stack buffer overflow in the DNS f

CVE-2026-3699 HIGH POC
8.8 Mar 08

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 stems from an unsafe strcpy operation in t

CVE-2026-3698 HIGH POC
8.8 Mar 08

A buffer overflow in the NTP configuration handler of UTT HiPER 810G firmware versions up to 1.7.7-171114 enables authen

CVE-2026-2935 HIGH POC
7.2 Feb 22

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows unauthenticated attackers to overfl

CVE-2026-2980 HIGH POC
7.2 Feb 23

Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-1711 allows remote attackers with high privileges to exe

Share

CVE-2026-31061 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy