CVE-2026-9627

Vulnerability

A stack-based buffer overflow vulnerability exists in the UTT HiPER 1200GW router firmware up to version 2.5.3-170306 within the /goform/setSysAdm endpoint of the Web Management Interface. The flaw is triggered by the insecure use of strcpy when copying the sysAdmPass (or Passwd1) argument into a fixed-size stack buffer via InstPointByName [1]. No authentication is required to reach the vulnerable code path, as the POC provided in the advisory sends the POST request without prior authentication [1].

Exploitation

An attacker can exploit this vulnerability remotely by sending a crafted HTTP POST request to /goform/setSysAdm containing an overly long passwd1 parameter. The advisory includes a working proof-of-concept (POC) that demonstrates sending a long string of 'a' characters [1]. The attacker does not need any prior authentication or user interaction; the only requirement is network access to the router's management interface (typically on port 80 or 443).

Impact

Successful exploitation causes a stack buffer overflow, which can lead to a denial of service (device crash) and potentially arbitrary code execution in the context of the vulnerable web server process. The advisory notes that the overflow can enable "buffer overflow attacks and denial of service attacks" [1]. Due to the nature of embedded devices, code execution could allow an attacker to fully compromise the router.

Mitigation

As of the publication date, no fixed firmware version has been released by UTT. The affected firmware version 2.5.3-170306 and all earlier versions remain vulnerable [1]. Users should monitor the vendor's website for updates. Until a patch is available, mitigating measures include restricting remote access to the management interface via firewall rules and disabling remote administration if not required. This vulnerability is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.