Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web Management Interface. Executing a manipulation of the argument Profile can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
AnalysisAI
Stack-based buffer overflow in the UTT HiPER 1250GW router (firmware up to 3.2.7-210907-180535) lets a network-adjacent authenticated user corrupt memory by supplying an oversized 'Profile' argument to the /goform/formGroupConfig endpoint of the Web Management Interface. The CVSS 4.0 score is 7.4, and publicly available exploit code exists, though the EPSS probability is very low (0.04%, 13th percentile) and it is not on the CISA KEV list. Successful exploitation can crash the device or potentially achieve arbitrary code execution on the router's management plane.
Technical ContextAI
The affected component is the embedded HTTP-based Web Management Interface of the UTT HiPER 1250GW, a SOHO/enterprise gateway router. The vulnerable handler /goform/formGroupConfig processes a 'Profile' parameter and passes it to the C library function strcpy, which performs no bounds checking on the destination buffer. This maps to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer): because the input length is not validated against the fixed-size stack buffer before the copy, attacker-controlled data overruns the buffer and can overwrite adjacent stack contents, including saved return addresses. Such overflows in MIPS/ARM-based router firmware commonly lead to denial of service and, with reliable offset control, remote code execution in the context of the web server process.
RemediationAI
No vendor-released patch identified at time of analysis - the references contain only VulDB tracking pages and a GitHub proof-of-concept, with no UTT advisory or fixed firmware version, so a specific upgrade target cannot be cited. As compensating controls, restrict access to the Web Management Interface so it is never exposed to the WAN/internet and is reachable only from a dedicated management VLAN or trusted admin hosts (trade-off: legitimate remote administration must instead go through a VPN), and block external access to the device's HTTP/HTTPS management ports at the network perimeter. Because exploitation requires authenticated access (PR:L), enforce strong, unique administrative credentials and disable any default or shared accounts to raise the bar (trade-off: none beyond operational hygiene). Monitor the device for crashes/reboots indicative of overflow attempts, and contact UTT for fixed firmware; apply any released patched build once confirmed. References: https://vuldb.com/vuln/365741 and https://github.com/luozhibo-sec/cve/blob/main/12.md.
Same weakness CWE-119 – Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-32038
GHSA-w4xq-7wm3-fmq4