EUVD-2026-16152
GHSA-rr72-28mj-44vr
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Analysis
Buffer overflow in UTT HiPER 1250GW firmware versions up to 3.2.7-210907-180535 allows authenticated remote attackers to achieve code execution through a malformed GroupName parameter in the DNS filter configuration handler. Public exploit code exists for this vulnerability and no patch is currently available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all UTT HiPER 1250GW routers and document firmware versions currently deployed; isolate or restrict network access to affected devices (firmware ≤3.2.7-210907-180535) pending remediation. Within 7 days: Contact UTT for patch availability and ETA; implement network segmentation to limit administrative access to the /goform/formConfigDnsFilterGlobal endpoint; monitor for suspicious configuration changes or unauthorized access attempts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today