Severity by source
AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
AnalysisAI
Buffer overflow in UTT Aggressive HiPER 810G v3 v1.7.7-171114 formTaskEdit function allows authenticated administrators to cause denial of service through a malformed selDateType parameter. The vulnerability is a classic stack-based buffer overflow (CWE-120) requiring high-privilege local network access; no public exploitation framework has been identified, and CVSS 4.5 reflects the limited scope (DoS only, no code execution or information disclosure).
Technical ContextAI
The vulnerability exists in the formTaskEdit function of UTT Aggressive HiPER 810G v3 firmware v1.7.7-171114, specifically in parameter handling for the selDateType input. The root cause is CWE-120 (Classic Buffer Overflow / Stack-based Buffer Overflow), a memory safety issue where user-supplied input to the selDateType parameter is copied into a fixed-size buffer without proper bounds checking. This is a traditional memory corruption flaw commonly found in embedded device firmware written in C/C++ without modern compiler protections. The attack vector is adjacent (AV:A), indicating the attacker must have network access to the same local segment as the device; the CVSS vector PR:H confirms only high-privilege users (administrative accounts) can trigger the vulnerability, significantly limiting its real-world exploitation scope.
RemediationAI
Contact UTT or check the device manufacturer's support portal for a patched firmware version addressing CVE-2026-31066. No specific patched version number is provided in available data, so obtain the latest stable firmware release for the UTT Aggressive HiPER 810G v3 and verify the security advisory references (https://nvd.nist.gov/vuln/detail/CVE-2026-31066 and https://github.com/zxq0408/Vul202601/blob/main/6.md) for confirmation of fix status. As an interim mitigation, restrict administrative access to the device to trusted accounts only and segment the network to minimize exposure to users who do not require administrative privileges. If firmware patching is delayed, monitor device logs for unexpected restarts or availability issues that may indicate exploitation attempts.
More in 810g Firmware
View allRemote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows authenticated attackers to achieve
Remote code execution in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated attackers to achieve f
Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated remote attackers to achieve
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 allows authenticated remote attackers to exe
Unauthenticated remote attackers can achieve complete system compromise through a buffer overflow in the UTT HiPER 810G
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 via a buffer overflow in the /goform/formApM
Unauthenticated remote attackers can achieve complete system compromise (code execution, data theft, and denial of servi
Remote code execution in UTT HiPER 810G firmware up to version 1.7.7-171114 through a stack buffer overflow in the DNS f
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 stems from an unsafe strcpy operation in t
A buffer overflow in the NTP configuration handler of UTT HiPER 810G firmware versions up to 1.7.7-171114 enables authen
Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows unauthenticated attackers to overfl
Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-1711 allows remote attackers with high privileges to exe
Same weakness CWE-120 – Classic Buffer Overflow
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19265
GHSA-2pm6-rcw9-992f