HIGHCVE-2026-4862Published 2026-03-26Modified 2026-03-26CNA VulDB

CVE-2026-4862: UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS v4.0: 8.7
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

UTT / HiPER 1250GW
3.2.7-210907-180535

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

References

VDB-353193 | UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow
VDB-353193 | CTI Indicators (IOB, IOC, IOA)
Submit #776230 | UTT HiPER 1250GW <=v3.2.7-210907-180535 Buffer Overflow
github.com

Metrics