UTT HiPER 1200GW CVE-2026-7513
HIGHSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
Buffer overflow in UTT HiPER 1200GW routers (versions up to 2.5.3-170306) allows authenticated remote attackers to execute arbitrary code or cause denial of service through the strcpy function in the /goform/formRemoteControl endpoint. Public exploit code exists (CVSS 7.4, E:P modifier). EPSS data not available, but low-privilege authenticated requirement and IoT router context suggest targeted attacks against exposed management interfaces rather than mass exploitation.
Technical ContextAI
This is a classic stack-based buffer overflow (CWE-119) in embedded router firmware. The vulnerable strcpy function in the formRemoteControl handler does not validate input length before copying user-controlled data to a fixed-size buffer. The /goform/ path indicates a CGI-based web management interface common in SOHO routers. UTT HiPER 1200GW is an enterprise-grade router with VPN capabilities, typically deployed in small-to-medium business networks. The strcpy vulnerability is a textbook unsafe C function issue where attacker-controlled parameters can overflow stack memory, overwriting return addresses and enabling code execution with the privileges of the web server process (typically root on embedded devices).
Affected ProductsAI
UTT HiPER 1200GW enterprise router running firmware versions up to and including 2.5.3-170306 (build date March 6, 2017). The vulnerability exists in the web management interface accessible via the /goform/formRemoteControl CGI endpoint. No CPE identifiers are available in the provided data. Vendor advisory status unknown; exploit details are documented in the researcher's GitHub repository at https://github.com/kirlic123/IOTvulner/blob/main/4035/4/4.md.
RemediationAI
No vendor-released patch has been identified in available data sources. Check with UTT Networks for firmware updates newer than 2.5.3-170306 that address this buffer overflow. If no patch exists or device is end-of-life, implement network-level compensating controls: (1) restrict access to the web management interface to trusted management networks only using firewall ACLs or VLANs - do not expose port 80/443 management to WAN or untrusted LANs; (2) disable remote management features if not required (side effect: loss of remote administration capability); (3) enforce strong authentication credentials and consider implementing external authentication via RADIUS/TACACS+ if supported; (4) monitor access logs for unexpected /goform/ POST requests with anomalous parameter sizes. Given the device's 2017 vintage, evaluate replacement with currently supported hardware as a long-term strategy. For detailed exploit analysis, consult https://vuldb.com/vuln/360324.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today