Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
AnalysisAI
Stack buffer overflow in the UTT HiPER 1200GW router (firmware up to 2.5.3-170306) lets a remote, low-privileged user crash the device or potentially execute arbitrary code by submitting oversized sysAdmUser or sysAdmPass values to the /goform/setSysAdm endpoint of the Web Management Interface. The flaw stems from an unbounded strcpy call, and publicly available exploit code exists, though EPSS rates near-term mass exploitation as very low (0.04%). No CISA KEV listing or vendor patch has been identified.
Technical ContextAI
The affected device is the UTT HiPER 1200GW, a SOHO/enterprise gateway router whose administrative functions are exposed through an HTTP-based Web Management Interface implemented with the common embedded 'goform' CGI handler pattern. The vulnerable routine is the setSysAdm handler, which copies the attacker-controlled sysAdmUser and sysAdmPass parameters into a fixed-size stack buffer using strcpy() without validating input length. This maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer): because strcpy performs no bounds checking, supplying a string longer than the destination buffer overwrites adjacent stack memory, including saved registers and the return address - the classic precondition for control-flow hijacking on MIPS/ARM-based embedded firmware typical of these routers.
RemediationAI
No vendor-released patch identified at time of analysis, so remediation centers on reducing exposure of the management plane. Restrict access to the Web Management Interface to trusted administrative hosts only - disable WAN-side/remote management entirely and bind the admin interface to the LAN or a dedicated management VLAN, accepting the trade-off that remote administration must then occur over a VPN. Because the flaw requires authenticated access (PR:L), enforce strong, unique administrator credentials and rotate any defaults, and place an upstream filter or ACL to block external access to the /goform/setSysAdm path and the HTTP admin port; the side effect is that legitimate off-network management is blocked until a VPN or jump host is used. Monitor the device vendor (UTT) for a firmware release addressing CVE-2026-9627 and apply it once published, and consult the VulDB entry (https://vuldb.com/vuln/365683) for updates. Given the device's age and EoL likelihood, evaluate replacement if no patched firmware becomes available.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32030
GHSA-6j5g-8276-89jq