What is the CVSS score of CVE-2026-3700?

CVE-2026-3700 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of 810g Firmware are affected by CVE-2026-3700?

A critical buffer overflow vulnerability in UTT HiPER 810G devices (versions up to 1.7.7-171114) allows unauthenticated attackers to execute arbitrary code with high severity (CVSS 8.8).

Is there a public PoC exploit available for CVE-2026-3700?

Yes, a public proof-of-concept exploit is available for CVE-2026-3700. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2026-3700?

Within 24 hours: Inventory all UTT HiPER 810G devices in production and isolate affected units from untrusted networks; implement network access controls restricting traffic to the vulnerable /goform/formConfigDnsFilterGlobal endpoint. Within 7 days: Deploy WAF rules or IDS/IPS signatures to block malicious requests to the affected endpoint; disable DNS filter configuration features if operationally feasible. Within 30 days: Evaluate replacement of affected devices with alternative vendors; contact UTT for patch availability status and timeline; document all compensating controls in risk register pending vendor remediation.

810g Firmware CVE-2026-3700

HIGH

Buffer Overflow (CWE-119)

2026-03-08 cna@vuldb.com

Buffer Overflow 810g Firmware

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 10, 2026 - 15:11 vuln.today

Public exploit code

CVE Published

Mar 08, 2026 - 03:16 nvd

HIGH 8.8

DescriptionCVE.org

A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

AnalysisAI

Remote code execution in UTT HiPER 810G firmware up to version 1.7.7-171114 through a stack buffer overflow in the DNS filter configuration function allows authenticated attackers to execute arbitrary commands with full system privileges. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to device

Exploit

Send crafted DNS filter config

Execution

Overflow strcpy buffer

Impact

Execute arbitrary code

Access

Authenticate to device

Exploit

Send crafted DNS filter config

Execution

Overflow strcpy buffer

Impact

Execute arbitrary code

Vulnerability AssessmentAI

Exploitation	UTT HiPER 810G firmware version up to 1.7.7-171114. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 8.8 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker could exploit this vulnerability to compromise the affected system.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all UTT HiPER 810G devices in production and isolate affected units from untrusted networks; implement network access controls restricting traffic to the vulnerable /goform/formConfigDnsFilterGlobal endpoint. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-3700 vulnerability details – vuln.today

Back

810g Firmware CVE-2026-3700

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code