Skip to main content

UTT HiPER CVE-2026-9631

| EUVDEUVD-2026-32032 HIGH
Buffer Overflow (CWE-119)
2026-05-27 cna@vuldb.com GHSA-rw9v-f8p5-m34c
7.4
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 20:40 vuln.today

DescriptionCVE.org

A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.

AnalysisAI

Stack-based buffer overflow in the web management interface of the UTT HiPER 1250GW router (firmware through 3.2.7-210907-180535) lets a remote, low-privileged attacker corrupt memory by submitting an oversized Profile value to the /goform/formConfigFastDirectionW handler, which passes it to an unbounded strcpy. The CVSS 4.0 vector rates confidentiality, integrity, and availability impact as High, consistent with potential code execution or device crash. Publicly available exploit code exists per the VulDB submission, though EPSS is very low (0.04%, 13th percentile) and there is no public exploit identified as actively exploited.

Share

CVE-2026-9631 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy