Skip to main content

810g Firmware CVE-2026-31066

| EUVDEUVD-2026-19265 MEDIUM
Classic Buffer Overflow (CWE-120)
2026-04-06 cve@mitre.org GHSA-2pm6-rcw9-992f
4.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.5 MEDIUM
AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 06, 2026 - 15:22 euvd
EUVD-2026-19265
Analysis Generated
Apr 06, 2026 - 15:22 vuln.today
CVE Published
Apr 06, 2026 - 15:17 nvd
MEDIUM 4.5

DescriptionCVE.org

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

AnalysisAI

Buffer overflow in UTT Aggressive HiPER 810G v3 v1.7.7-171114 formTaskEdit function allows authenticated administrators to cause denial of service through a malformed selDateType parameter. The vulnerability is a classic stack-based buffer overflow (CWE-120) requiring high-privilege local network access; no public exploitation framework has been identified, and CVSS 4.5 reflects the limited scope (DoS only, no code execution or information disclosure).

Technical ContextAI

The vulnerability exists in the formTaskEdit function of UTT Aggressive HiPER 810G v3 firmware v1.7.7-171114, specifically in parameter handling for the selDateType input. The root cause is CWE-120 (Classic Buffer Overflow / Stack-based Buffer Overflow), a memory safety issue where user-supplied input to the selDateType parameter is copied into a fixed-size buffer without proper bounds checking. This is a traditional memory corruption flaw commonly found in embedded device firmware written in C/C++ without modern compiler protections. The attack vector is adjacent (AV:A), indicating the attacker must have network access to the same local segment as the device; the CVSS vector PR:H confirms only high-privilege users (administrative accounts) can trigger the vulnerability, significantly limiting its real-world exploitation scope.

RemediationAI

Contact UTT or check the device manufacturer's support portal for a patched firmware version addressing CVE-2026-31066. No specific patched version number is provided in available data, so obtain the latest stable firmware release for the UTT Aggressive HiPER 810G v3 and verify the security advisory references (https://nvd.nist.gov/vuln/detail/CVE-2026-31066 and https://github.com/zxq0408/Vul202601/blob/main/6.md) for confirmation of fix status. As an interim mitigation, restrict administrative access to the device to trusted accounts only and segment the network to minimize exposure to users who do not require administrative privileges. If firmware patching is delayed, monitor device logs for unexpected restarts or availability issues that may indicate exploitation attempts.

CVE-2026-2086 HIGH POC
8.8 Feb 07

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows authenticated attackers to achieve

CVE-2026-3016 HIGH POC
8.8 Feb 23

Remote code execution in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated attackers to achieve f

CVE-2026-3015 HIGH POC
8.8 Feb 23

Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated remote attackers to achieve

CVE-2026-2981 HIGH POC
8.8 Feb 23

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 allows authenticated remote attackers to exe

CVE-2026-2904 HIGH POC
8.8 Feb 22

Unauthenticated remote attackers can achieve complete system compromise through a buffer overflow in the UTT HiPER 810G

CVE-2026-3815 HIGH POC
8.8 Mar 09

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 via a buffer overflow in the /goform/formApM

CVE-2026-3814 HIGH POC
8.8 Mar 09

Unauthenticated remote attackers can achieve complete system compromise (code execution, data theft, and denial of servi

CVE-2026-3700 HIGH POC
8.8 Mar 08

Remote code execution in UTT HiPER 810G firmware up to version 1.7.7-171114 through a stack buffer overflow in the DNS f

CVE-2026-3699 HIGH POC
8.8 Mar 08

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 stems from an unsafe strcpy operation in t

CVE-2026-3698 HIGH POC
8.8 Mar 08

A buffer overflow in the NTP configuration handler of UTT HiPER 810G firmware versions up to 1.7.7-171114 enables authen

CVE-2026-2935 HIGH POC
7.2 Feb 22

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows unauthenticated attackers to overfl

CVE-2026-2980 HIGH POC
7.2 Feb 23

Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-1711 allows remote attackers with high privileges to exe

Share

CVE-2026-31066 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy