Hiper 1200Gw
Monthly
Stack-based buffer overflow in UTT HiPER 1200GW routers (firmware up to 2.5.3-170306) allows authenticated remote attackers to corrupt memory via the Profile parameter in the /goform/formFireWall endpoint, where unsafe strcpy usage processes the input. Publicly available exploit code exists, increasing the realistic risk of attempted compromise against exposed management interfaces. No CISA KEV listing has been published, so exploitation is not yet confirmed active in the wild.
Stack-based buffer overflow in UTT HiPER 1200GW routers (firmware versions up to 2.5.3-170306) allows remote authenticated attackers to corrupt memory via the strcpy function in the /goform/formTaskEdit endpoint. Publicly available exploit code exists, raising the practical risk despite the requirement for low-level privileges. No KEV listing or EPSS data is provided in the input, so widespread automated exploitation has not been confirmed.
Buffer overflow in UTT HiPER 1200GW router versions up to 2.5.3-170306 enables remote authenticated attackers to execute arbitrary code with high privileges via malformed NatBind parameters to the /goform/formNatStaticMap endpoint. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barrier. EPSS data not available, but combination of network attack vector, low complexity (CVSS AC:L), and public POC indicates elevated real-world exploitation risk for internet-facing devices with weak credential protection.
Unauthenticated attackers can trigger a buffer overflow in UTT HiPER 1200GW firmware versions up to 2.5.3-170306 via the /goform/websHostFilter endpoint, enabling remote code execution with full system compromise. Public exploit code is available and there is currently no patch, leaving affected devices at immediate risk. The vulnerability requires only network access and valid credentials to exploit, making it readily actionable for threat actors.
Stack-based buffer overflow in UTT HiPER 1200GW routers (firmware up to 2.5.3-170306) allows authenticated remote attackers to corrupt memory via the Profile parameter in the /goform/formFireWall endpoint, where unsafe strcpy usage processes the input. Publicly available exploit code exists, increasing the realistic risk of attempted compromise against exposed management interfaces. No CISA KEV listing has been published, so exploitation is not yet confirmed active in the wild.
Stack-based buffer overflow in UTT HiPER 1200GW routers (firmware versions up to 2.5.3-170306) allows remote authenticated attackers to corrupt memory via the strcpy function in the /goform/formTaskEdit endpoint. Publicly available exploit code exists, raising the practical risk despite the requirement for low-level privileges. No KEV listing or EPSS data is provided in the input, so widespread automated exploitation has not been confirmed.
Buffer overflow in UTT HiPER 1200GW router versions up to 2.5.3-170306 enables remote authenticated attackers to execute arbitrary code with high privileges via malformed NatBind parameters to the /goform/formNatStaticMap endpoint. Publicly available exploit code exists (GitHub POC published), significantly lowering exploitation barrier. EPSS data not available, but combination of network attack vector, low complexity (CVSS AC:L), and public POC indicates elevated real-world exploitation risk for internet-facing devices with weak credential protection.
Unauthenticated attackers can trigger a buffer overflow in UTT HiPER 1200GW firmware versions up to 2.5.3-170306 via the /goform/websHostFilter endpoint, enabling remote code execution with full system compromise. Public exploit code is available and there is currently no patch, leaving affected devices at immediate risk. The vulnerability requires only network access and valid credentials to exploit, making it readily actionable for threat actors.