Which versions of UTT HiPER 1200GW are affected by CVE-2026-9627?

The UTT HiPER 1200GW router contains a stack buffer overflow vulnerability (CVE-2026-9627, CVSS 7.4) in the Web Management Interface that allows authenticated, low-privileged users to crash the…

UTT HiPER 1200GW CVE-2026-9627

Q: What is the CVSS score of CVE-2026-9627?

CVE-2026-9627 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-32030 HIGH

Buffer Overflow (CWE-119)

2026-05-27 cna@vuldb.com

GHSA-6j5g-8276-89jq

Buffer Overflow

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

May 27, 2026 - 20:27 vuln.today

DescriptionNVD

A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Stack buffer overflow in the UTT HiPER 1200GW router (firmware up to 2.5.3-170306) lets a remote, low-privileged user crash the device or potentially execute arbitrary code by submitting oversized sysAdmUser or sysAdmPass values to the /goform/setSysAdm endpoint of the Web Management Interface. The flaw stems from an unbounded strcpy call, and publicly available exploit code exists, though EPSS rates near-term mass exploitation as very low (0.04%). …

RemediationAI

Within 24 hours: identify and document all UTT HiPER 1200GW routers in production with their firmware versions, then restrict Web Management Interface network access to essential administrative accounts and trusted IP ranges only. Within 7 days: implement network segmentation isolating router management traffic, enable detailed logging of /goform/setSysAdm endpoint access, and configure alerts for oversized parameter submissions. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-9627 vulnerability details – vuln.today

Back

UTT HiPER 1200GW CVE-2026-9627

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

UTT HiPER 1200GW CVE-2026-9627

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code