Which versions of Hiper 1250Gw are affected by CVE-2026-4862?

UTT HiPER 1250GW routers running firmware version 3.2.7-210907-180535 and earlier contain a critical buffer overflow vulnerability that allows authenticated attackers to completely compromise router…

Is there a public PoC exploit available for CVE-2026-4862?

Yes, a public proof-of-concept exploit is available for CVE-2026-4862. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-4862?

Within 24 hours: Inventory all UTT HiPER 1250GW routers and document firmware versions currently deployed; isolate or restrict network access to affected devices (firmware ≤3.2.7-210907-180535) pending remediation. Within 7 days: Contact UTT for patch availability and ETA; implement network segmentation to limit administrative access to the /goform/formConfigDnsFilterGlobal endpoint; monitor for suspicious configuration changes or unauthorized access attempts. Within 30 days: Apply vendor-released patch immediately upon availability; if patch is not released within 30 days, develop a replacement or decommissioning timeline for affected routers.

Hiper 1250Gw CVE-2026-4862

Q: What is the CVSS score of CVE-2026-4862?

CVE-2026-4862 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-16152 HIGH

Classic Buffer Overflow (CWE-120)

2026-03-26 VulDB

GHSA-rr72-28mj-44vr

Buffer Overflow Hiper 1250Gw

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 24, 2026 - 16:37 vuln.today

cvss_changed

PoC Detected

Mar 30, 2026 - 13:26 vuln.today

Public exploit code

EUVD ID Assigned

Mar 26, 2026 - 09:30 euvd

EUVD-2026-16152

Analysis Generated

Mar 26, 2026 - 09:30 vuln.today

CVE Published

Mar 26, 2026 - 09:00 nvd

HIGH 7.4

DescriptionCVE.org

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

AnalysisAI

Buffer overflow in UTT HiPER 1250GW firmware versions up to 3.2.7-210907-180535 allows authenticated remote attackers to achieve code execution through a malformed GroupName parameter in the DNS filter configuration handler. Public exploit code exists for this vulnerability and no patch is currently available. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to UTT HiPER 1250GW

Delivery

Send crafted DNS filter configuration request

Exploit

Inject oversized GroupName parameter

Execution

Overflow strcpy buffer in formConfigDnsFilterGlobal

Impact

Execute arbitrary code with device privileges