Skip to main content

UTT HiPER 1200GW CVE-2026-9627

| EUVDEUVD-2026-32030 HIGH
Buffer Overflow (CWE-119)
2026-05-27 cna@vuldb.com GHSA-6j5g-8276-89jq
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 20:27 vuln.today

DescriptionCVE.org

A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management Interface. The manipulation of the argument sysAdmUser/sysAdmPass results in buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

AnalysisAI

Stack buffer overflow in the UTT HiPER 1200GW router (firmware up to 2.5.3-170306) lets a remote, low-privileged user crash the device or potentially execute arbitrary code by submitting oversized sysAdmUser or sysAdmPass values to the /goform/setSysAdm endpoint of the Web Management Interface. The flaw stems from an unbounded strcpy call, and publicly available exploit code exists, though EPSS rates near-term mass exploitation as very low (0.04%). No CISA KEV listing or vendor patch has been identified.

Technical ContextAI

The affected device is the UTT HiPER 1200GW, a SOHO/enterprise gateway router whose administrative functions are exposed through an HTTP-based Web Management Interface implemented with the common embedded 'goform' CGI handler pattern. The vulnerable routine is the setSysAdm handler, which copies the attacker-controlled sysAdmUser and sysAdmPass parameters into a fixed-size stack buffer using strcpy() without validating input length. This maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer): because strcpy performs no bounds checking, supplying a string longer than the destination buffer overwrites adjacent stack memory, including saved registers and the return address - the classic precondition for control-flow hijacking on MIPS/ARM-based embedded firmware typical of these routers.

RemediationAI

No vendor-released patch identified at time of analysis, so remediation centers on reducing exposure of the management plane. Restrict access to the Web Management Interface to trusted administrative hosts only - disable WAN-side/remote management entirely and bind the admin interface to the LAN or a dedicated management VLAN, accepting the trade-off that remote administration must then occur over a VPN. Because the flaw requires authenticated access (PR:L), enforce strong, unique administrator credentials and rotate any defaults, and place an upstream filter or ACL to block external access to the /goform/setSysAdm path and the HTTP admin port; the side effect is that legitimate off-network management is blocked until a VPN or jump host is used. Monitor the device vendor (UTT) for a firmware release addressing CVE-2026-9627 and apply it once published, and consult the VulDB entry (https://vuldb.com/vuln/365683) for updates. Given the device's age and EoL likelihood, evaluate replacement if no patched firmware becomes available.

Share

CVE-2026-9627 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy