UTT HiPER 1200GW CVE-2026-7512
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
AnalysisAI
Buffer overflow in UTT HiPER 1200GW router (versions up to 2.5.3-1703) allows authenticated remote attackers to execute arbitrary code with elevated privileges via crafted input to the strcpy function in the /goform/formUser endpoint. Public exploit code exists on GitHub, significantly lowering the barrier to exploitation. While requiring low-privilege authentication (CVSS PR:L), the vulnerability enables full system compromise (VC:H/VI:H/VA:H) and has been assigned an E:P (Proof-of-concept) exploit maturity rating, indicating working demonstration code is available.
Technical ContextAI
This is a classic memory corruption vulnerability (CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer) affecting the web management interface of the UTT HiPER 1200GW enterprise router. The vulnerable code path is in the formUser handler at /goform/formUser, where user-supplied input is passed unsafely to the strcpy C library function without proper bounds checking. The strcpy function copies data until a null terminator is found, making it inherently unsafe when handling untrusted input. This class of vulnerability is particularly dangerous in embedded devices like routers, which often run with root privileges and lack modern memory protection mechanisms like ASLR or DEP. The affected firmware version 2.5.3-1703 and earlier suggests this is legacy code that predates secure coding practices.
Affected ProductsAI
UTT HiPER 1200GW enterprise router, firmware versions up to and including 2.5.3-1703. The vulnerability exists in the web-based management interface accessible via HTTP/HTTPS. No CPE identifier was provided in the analysis data. Vendor information and official advisory links were not available in the provided references, which consist only of third-party vulnerability database entries (VulDB) and the public exploit repository on GitHub.
RemediationAI
Check with UTT Networks for firmware updates beyond version 2.5.3-1703 that address this buffer overflow issue. As of this analysis, no vendor-released patch or fixed firmware version has been independently confirmed from available data sources. Until a patch is available, implement the following compensating controls: Restrict access to the router's web management interface (/goform/* endpoints) to trusted administrative networks only using firewall rules or access control lists - this eliminates remote attack surface while requiring attackers to first compromise the management network. Disable remote web administration entirely if command-line or local console management is feasible for your operational model (trade-off: reduces management flexibility). Implement strong authentication on all router accounts and monitor for unauthorized login attempts, as valid credentials are required for exploitation. Consider placing affected devices behind a web application firewall (WAF) configured to detect and block abnormally long input parameters to /goform/formUser, though this may cause false positives with legitimate administrative operations. For critical deployments, evaluate replacing affected devices with alternative router models until vendor patch availability is confirmed.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today