Which versions of Hiper 810g are affected by EUVD-2026-12576?

Organizations using UTT HiPER 810G routers are at immediate risk of complete system compromise due to a publicly exploited buffer overflow vulnerability with no available patch.

Is there a public PoC exploit available for EUVD-2026-12576?

Yes, a public proof-of-concept exploit is available for EUVD-2026-12576. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2026-12576?

Within 24 hours: Inventory all UTT HiPER 810G devices running firmware versions through 1.7.7-171114 and isolate them from production networks if possible. Within 7 days: Implement network segmentation to restrict administrative access to affected routers and deploy WAF rules to block malicious requests to /goform/formApLbConfig. Within 30 days: Contact UTT for patch availability status; if no patch is released, develop a device replacement plan or evaluate alternative router solutions with active vendor support.

Hiper 810g EUVD-2026-12576

Q: What is the CVSS score of EUVD-2026-12576?

EUVD-2026-12576 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-4318 HIGH

Classic Buffer Overflow (CWE-120)

2026-03-17 VulDB

Buffer Overflow Hiper 810g

7.4

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

7.4 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 22, 2026 - 21:37 vuln.today

cvss_changed

CVSS changed

Apr 22, 2026 - 21:37 NVD

8.8 (HIGH) 7.4 (HIGH)

PoC Detected

Mar 18, 2026 - 14:52 vuln.today

Public exploit code

EUVD ID Assigned

Mar 17, 2026 - 20:30 euvd

EUVD-2026-12576

Analysis Generated

Mar 17, 2026 - 20:30 vuln.today

CVE Published

Mar 17, 2026 - 15:02 nvd

HIGH 8.8

DescriptionCVE.org

A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

AnalysisAI

Remote code execution in UTT HiPER 810G up to version 1.7.7-171114 through a buffer overflow in the /goform/formApLbConfig endpoint allows authenticated attackers to achieve complete system compromise. The vulnerability stems from unsafe use of strcpy() on the loadBalanceNameOld parameter, and public exploit code is currently available. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate to UTT HiPER 810G

Delivery

Send POST request to /goform/formApLbConfig

Exploit

Craft oversized loadBalanceNameOld parameter

Execution

Overflow strcpy buffer

Impact

Execute arbitrary code with device privileges