What is the CVSS score of CVE-2026-3699?

CVE-2026-3699 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of 810g Firmware are affected by CVE-2026-3699?

A critical buffer overflow vulnerability in UTT HiPER 810G devices (versions up to 1.7.7-171114) allows remote attackers to execute arbitrary code with a CVSS score of 8.8.

Is there a public PoC exploit available for CVE-2026-3699?

Yes, a public proof-of-concept exploit is available for CVE-2026-3699. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-3699?

Within 24 hours: Inventory all UTT HiPER 810G devices in your environment and document network exposure. Within 7 days: Implement network segmentation to restrict access to affected devices, disable remote management features if not operationally critical, and deploy WAF rules to block malicious requests to /goform/formRemoteControl endpoint. Within 30 days: Monitor vendor communication for security patches and establish upgrade timeline; consider device replacement if patches remain unavailable and business risk justifies capital expenditure.

810g Firmware CVE-2026-3699

HIGH

Buffer Overflow (CWE-119)

2026-03-08 cna@vuldb.com

Buffer Overflow 810g Firmware

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 10, 2026 - 15:21 vuln.today

Public exploit code

CVE Published

Mar 08, 2026 - 03:16 nvd

HIGH 8.8

DescriptionCVE.org

A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 stems from an unsafe strcpy operation in the /goform/formRemoteControl function that enables unauthenticated attackers to trigger a buffer overflow. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected devices at immediate risk.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to HiPER 810G device

Exploit

Send oversized input to /goform/formRemoteControl

Execution

Trigger strcpy buffer overflow

Impact

Execute arbitrary code with device privileges

Access

Authenticate to HiPER 810G device

Exploit

Send oversized input to /goform/formRemoteControl

Execution

Trigger strcpy buffer overflow

Impact

Execute arbitrary code with device privileges

Vulnerability AssessmentAI

Exploitation	UTT HiPER 810G firmware version up to 1.7.7-171114. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 8.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker could exploit this flaw, buffer overflow.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all UTT HiPER 810G devices in your environment and document network exposure. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-3699 vulnerability details – vuln.today

Back

810g Firmware CVE-2026-3699

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code