Which versions of Hiper 1250Gw are affected by CVE-2026-5566?

UTT HiPER 1250GW routers running firmware versions 3.2.7 and earlier contain a buffer overflow vulnerability that allows authenticated users to execute arbitrary code, potentially compromising…

Is there a public PoC exploit available for CVE-2026-5566?

Yes, a public proof-of-concept exploit is available for CVE-2026-5566. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-5566?

Within 24 hours: Identify all UTT HiPER 1250GW devices in your network and document current firmware versions via device inventory or management console. Within 7 days: Contact UTT for patch availability status and timeline; implement IP-based access restrictions to the router's web management interface (block access to port 443/HTTP management from untrusted networks). Within 30 days: Deploy patched firmware to all affected devices immediately upon vendor release, or prepare for replacement if UTT does not release a patch within 90 days; enforce strong, unique administrative credentials across all router instances and enable multi-factor authentication if available.

Hiper 1250Gw CVE-2026-5566

Q: What is the CVSS score of CVE-2026-5566?

CVE-2026-5566 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-19079 HIGH

Classic Buffer Overflow (CWE-120)

2026-04-05 VulDB

GHSA-xgwr-cg3h-pjvj

Buffer Overflow Hiper 1250Gw

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 24, 2026 - 18:22 vuln.today

cvss_changed

PoC Detected

Apr 07, 2026 - 13:20 vuln.today

Public exploit code

EUVD ID Assigned

Apr 05, 2026 - 12:30 euvd

EUVD-2026-19079

Analysis Generated

Apr 05, 2026 - 12:30 vuln.today

CVE Published

Apr 05, 2026 - 12:15 nvd

HIGH 7.4

DescriptionCVE.org

A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.

AnalysisAI

Buffer overflow in UTT HiPER 1250GW router firmware (versions ≤3.2.7-210907-180535) allows authenticated remote attackers to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. The vulnerability resides in the strcpy function within /goform/formNatStaticMap endpoint, where manipulation of the NatBind parameter triggers memory corruption. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to UTT HiPER device

Delivery

Send crafted request to /goform/formNatStaticMap

Exploit

Inject oversized NatBind parameter

Execution

Trigger strcpy buffer overflow

Impact

Execute arbitrary code on device