Which versions of Hiper 1250Gw are affected by CVE-2026-4488?

A critical remote code execution vulnerability affecting UTT HiPER 1250GW wireless routers poses an immediate threat to organizational network security.

Is there a public PoC exploit available for CVE-2026-4488?

Yes, a public proof-of-concept exploit is available for CVE-2026-4488. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-4488?

Within 24 hours: Inventory all UTT HiPER 1250GW devices in production and restrict administrative access to the /goform/setSysAdm endpoint. Within 7 days: Isolate affected devices from sensitive network segments, disable remote administration capabilities, and implement network segmentation to limit lateral movement. Within 30 days: Replace affected routers with alternative vendor equipment that receives active security patching, or await vendor firmware release and complete replacement before returning devices to service.

Hiper 1250Gw CVE-2026-4488

Q: What is the CVSS score of CVE-2026-4488?

CVE-2026-4488 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-13727 HIGH

Classic Buffer Overflow (CWE-120)

2026-03-20 VulDB

Buffer Overflow Hiper 1250Gw

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 21:37 vuln.today

cvss_changed

CVSS changed

Apr 22, 2026 - 21:37 NVD

8.8 (HIGH) 7.4 (HIGH)

PoC Detected

Mar 24, 2026 - 15:54 vuln.today

Public exploit code

EUVD ID Assigned

Mar 20, 2026 - 15:52 euvd

EUVD-2026-13727

Analysis Generated

Mar 20, 2026 - 15:52 vuln.today

CVE Published

Mar 20, 2026 - 15:32 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

AnalysisAI

Remote code execution in UTT HiPER 1250GW firmware versions up to 3.2.7 allows authenticated attackers to overflow a buffer in the /goform/setSysAdm function via a malicious GroupName parameter. Public exploit code exists for this vulnerability, and no patch is currently available. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate with valid credentials

Delivery

Send POST request to /goform/setSysAdm

Exploit

Supply oversized GroupName parameter

Execution

Overflow strcpy buffer

Impact

Execute arbitrary code on device