Skip to main content

810g Firmware EUVDEUVD-2026-19255

| CVE-2026-31060 MEDIUM
Classic Buffer Overflow (CWE-120)
2026-04-06 cve@mitre.org GHSA-495h-3r6f-j5gc
4.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.5 MEDIUM
AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 06, 2026 - 15:22 euvd
EUVD-2026-19255
Analysis Generated
Apr 06, 2026 - 15:22 vuln.today
CVE Published
Apr 06, 2026 - 15:17 nvd
MEDIUM 4.5

DescriptionCVE.org

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

AnalysisAI

Buffer overflow in UTT Aggressive HiPER 810G v3 version 1.7.7-171114 within the notes parameter of the formGroupConfig function enables authenticated administrators to trigger a denial of service condition through a crafted input. The vulnerability requires high-privilege access and cannot result in code execution, but represents a threat to device availability. No public exploit code has been independently confirmed, and this CVE does not appear on the CISA KEV catalog at time of analysis.

Technical ContextAI

The vulnerability is a classic stack or heap buffer overflow (CWE-120) in a web-accessible configuration function. The formGroupConfig function fails to properly validate the length of the notes parameter before copying user-supplied data into a fixed-size buffer, allowing an authenticated administrator to write beyond buffer boundaries. This memory corruption triggers a denial of service condition on the UTT Aggressive HiPER 810G device, which is a network appliance or telecommunications equipment. The affected product is identified via CPE pattern for UTT devices running firmware version 1.7.7-171114.

RemediationAI

Contact UTT support or monitor the vendor's security advisory at https://nvd.nist.gov/vuln/detail/CVE-2026-31060 for availability of a firmware patch. Interim mitigation includes restricting administrative access to the formGroupConfig function and limiting network-adjacent access to the device's web interface through network segmentation and firewall rules. If a patched firmware version is released, apply it as soon as possible to all affected HiPER 810G v3 devices. Until a patch is available, monitor device logs for errors related to configuration management and enforce the principle of least privilege for administrative accounts.

CVE-2026-2086 HIGH POC
8.8 Feb 07

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows authenticated attackers to achieve

CVE-2026-3016 HIGH POC
8.8 Feb 23

Remote code execution in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated attackers to achieve f

CVE-2026-3015 HIGH POC
8.8 Feb 23

Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-171114 allows authenticated remote attackers to achieve

CVE-2026-2981 HIGH POC
8.8 Feb 23

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 allows authenticated remote attackers to exe

CVE-2026-2904 HIGH POC
8.8 Feb 22

Unauthenticated remote attackers can achieve complete system compromise through a buffer overflow in the UTT HiPER 810G

CVE-2026-3815 HIGH POC
8.8 Mar 09

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-1711 via a buffer overflow in the /goform/formApM

CVE-2026-3814 HIGH POC
8.8 Mar 09

Unauthenticated remote attackers can achieve complete system compromise (code execution, data theft, and denial of servi

CVE-2026-3700 HIGH POC
8.8 Mar 08

Remote code execution in UTT HiPER 810G firmware up to version 1.7.7-171114 through a stack buffer overflow in the DNS f

CVE-2026-3699 HIGH POC
8.8 Mar 08

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 stems from an unsafe strcpy operation in t

CVE-2026-3698 HIGH POC
8.8 Mar 08

A buffer overflow in the NTP configuration handler of UTT HiPER 810G firmware versions up to 1.7.7-171114 enables authen

CVE-2026-2935 HIGH POC
7.2 Feb 22

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows unauthenticated attackers to overfl

CVE-2026-2980 HIGH POC
7.2 Feb 23

Buffer overflow in UTT HiPER 810G firmware versions up to 1.7.7-1711 allows remote attackers with high privileges to exe

Share

EUVD-2026-19255 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy