HIGH | CVE-2026-11517 | CNA: VulDB

CVE-2026-11517: UTT HiPER 2610G formConfigDnsFilterGlobal strcpy buffer overflow

A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. It affects a strcpy call in the handler for /goform/formConfigDnsFilterGlobal. Manipulating the GroupName argument leads to a buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be used.

Metrics

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: (none listed)
Affected Products: 1


HarborGuard Analysis

Synopsis

A stack-based buffer overflow exists in the UTT HiPER 2610G router firmware, affecting the formConfigDnsFilterGlobal form handler up to version 3.0.0-171107. The vulnerability is reachable over the network by a low-privilege authenticated user who can manipulate the GroupName argument to overflow a fixed-size buffer via an unsafe strcpy call. Successful exploitation gives an attacker full read and write access to device memory and can crash or take over the affected device. No fix has been published yet; HarborGuard tracks the upstream advisory and will make a patched-image rebuild available as soon as one is released.
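
The pattern behind this finding, as an added example (not UTT firmware code and not taken from the advisory): a request-controlled string copied with strcpy into a fixed-size field, next to a checked version that rejects oversized input instead of copying it. The 32-byte size, the struct layout and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size; the advisory does not state the real buffer length. */
#define GROUP_NAME_MAX 32

struct dns_filter_cfg {              /* hypothetical layout */
    char group_name[GROUP_NAME_MAX];
    int  enabled;                    /* neighbouring state an overflow would clobber */
};

/* Flawed pattern, for contrast: copy length is set by the request. */
void set_group_name_unsafe(struct dns_filter_cfg *cfg, const char *name)
{
    strcpy(cfg->group_name, name);
}

/* Hardened: validate, then copy; cfg is untouched on failure.
 * Returns 0 on success, -1 if name is NULL, empty or too long. */
int set_group_name_checked(struct dns_filter_cfg *cfg, const char *name)
{
    const char *end;
    size_t len;

    if (cfg == NULL || name == NULL)
        return -1;
    /* Bounded scan: look for the terminator within the buffer size only. */
    end = memchr(name, '\0', GROUP_NAME_MAX);
    if (end == NULL || end == name)
        return -1;                   /* reject, do not silently truncate */
    len = (size_t)(end - name);
    memcpy(cfg->group_name, name, len + 1);   /* includes the terminator */
    return 0;
}

int main(void)
{
    struct dns_filter_cfg cfg = { "default", 1 };
    char oversized[256];             /* constructed sample input */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("normal:    %d\n", set_group_name_checked(&cfg, "kids-devices"));
    printf("oversized: %d\n", set_group_name_checked(&cfg, oversized));
    return 0;
}
```

Rejecting the request outright, rather than truncating, keeps an over-long GroupName from being stored as a different, shorter group name.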

HarborGuard Coverage

Detection

Detection for CVE-2026-11517 is available across every HarborGuard environment: the CVE is ingested from upstream feeds, including VulDB, within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built firmware-derived or embedded-device images containing the affected UTT HiPER 2610G firmware components.

Status: Available

Triage

HarborGuard is capable of scoring this finding at CVSS 4.0 8.7 (HIGH) and weighting it against each environment's compliance policy to determine priority; findings are routed to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Status: Available

Patch

Because no upstream fix version has been published for CVE-2026-11517, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment the upstream vendor ships a corrected firmware release. Customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads without manual intervention.

Status: Pending upstream

Exploit Conditions

  • Network reachability: Required

    The vulnerable form handler is exposed over the network, so an attacker must be able to reach the device's web management interface across the network to send the malformed GroupName argument.

  • Authentication: Required

    The attack requires a low-privilege authenticated session on the device; any account with access to the DNS filter configuration form is sufficient.

  • Victim interaction: Not required

    No victim interaction is needed; the attacker sends the crafted request directly to the form handler without requiring any action from another user.

  • Attack complexity: Detail

    Attack complexity is low, meaning the overflow is reliably triggered without requiring specific race conditions, memory layout luck, or other variable environmental factors.

Blast Radius

  • An attacker can read arbitrary memory from the device, exposing credentials, session tokens, and configuration data stored in the router's process space.
  • An attacker can overwrite memory contents, modifying routing tables, DNS filter rules, or other persisted configuration on the device.
  • The overflow can crash the affected form handler process or the broader router firmware, taking down network connectivity for all devices behind the HiPER 2610G.
  • A working exploit gives the attacker the ability to execute arbitrary code on the device with the privileges of the web server process, enabling full device compromise.

How HarborGuard Handles This

Available on HarborGuard: this CVE is matched against images in customer registries and pipelines the moment it enters the feed, with findings scored at CVSS 4.0 8.7 HIGH and routed per each environment's compliance policy.

Because no upstream fix exists yet, HarborGuard monitors the VulDB advisory and the UTT vendor channel on every ingest cycle; a patched-image rebuild will become available automatically when the vendor publishes a corrected firmware release.

In the interim, compensating controls worth considering include network-policy isolation that restricts access to the router's web management interface to trusted subnets only, egress filtering to limit lateral movement from a compromised device, and disabling the DNS filter configuration form via a feature flag or ACL if the functionality is not required.

For customers who opt into auto-remediation, once a fix version is published the pipeline will perform a rebuild, run regression tests, and open a PR against affected workloads with no manual steps required.

Affected packages
  • UTT / HiPER 2610G
    3.0.0-171107
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P