VYPR
High severity 8.8 · NVD Advisory · Published May 27, 2026

CVE-2026-9628

Description

A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Management Interface. Manipulation of the PPTP server address, username, password or tunnel name argument causes a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack-based buffer overflow in UTT HiPER 1200GW's PPTP client configuration endpoint allows remote unauthenticated attackers to crash or execute arbitrary code on affected firmware versions ≤2.5.3-170306.

Vulnerability

A stack-based buffer overflow vulnerability exists in the UTT HiPER 1200GW router's web management interface, specifically within the file /goform/formPptpClientConfig. The vulnerability is triggered when the function processes the PPTP server address, username, password, or tunnel name parameters. The root cause lies in an insecure strcpy call that copies attacker-supplied data into a fixed-size stack buffer without bounds checking, as identified in the public analysis [1]. Affected firmware versions are <=2.5.3-170306.
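
The unchecked-copy pattern described above next to a bounded replacement that rejects oversize fields, as an added example (not UTT firmware code and not taken from the cited analysis). The struct, the function names and the 64-byte `FIELD_MAX` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 64  /* assumed size; the firmware's real buffer size is not on the page */

/* Hypothetical stand-in for the parsed PPTP client settings. */
struct pptp_cfg { char server[FIELD_MAX], user[FIELD_MAX], pass[FIELD_MAX], tunnel[FIELD_MAX]; };

/* The pattern the advisory describes: no length check before the copy. */
void copy_field_unsafe(char *dst, const char *src) {
    strcpy(dst, src);                 /* writes past dst when src is too long */
}

/* Bounded replacement: reject (do not truncate) anything that does not fit. */
int copy_field(char *dst, size_t dst_size, const char *src) {
    size_t n = 0;
    if (dst == NULL || src == NULL || dst_size == 0) return -1;
    while (n < dst_size && src[n] != '\0') n++;   /* reads at most dst_size bytes */
    if (n == dst_size) { dst[0] = '\0'; return -1; }  /* no room for the terminator */
    memcpy(dst, src, n + 1);          /* n + 1 includes the terminator */
    return 0;
}

/* Fill the whole config or fail closed: one oversize field rejects the request. */
int pptp_cfg_set(struct pptp_cfg *c, const char *server, const char *user,
                 const char *pass, const char *tunnel) {
    struct pptp_cfg tmp;
    memset(&tmp, 0, sizeof tmp);
    if (copy_field(tmp.server, sizeof tmp.server, server) ||
        copy_field(tmp.user,   sizeof tmp.user,   user)   ||
        copy_field(tmp.pass,   sizeof tmp.pass,   pass)   ||
        copy_field(tmp.tunnel, sizeof tmp.tunnel, tunnel))
        return -1;
    *c = tmp;                         /* commit only after every field passed */
    return 0;
}

int main(void) {
    struct pptp_cfg cfg;
    char big[4 * FIELD_MAX];          /* constructed oversize input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    memset(&cfg, 0, sizeof cfg);
    printf("normal:   %d\n", pptp_cfg_set(&cfg, "192.0.2.10", "user", "secret", "tun0"));
    printf("oversize: %d\n", pptp_cfg_set(&cfg, big, "user", "secret", "tun0"));
    return 0;
}
```

Rejecting instead of truncating keeps a partially copied server address or credential from being stored as if it were valid.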

Exploitation

An attacker can exploit this vulnerability remotely without requiring authentication. By sending a crafted HTTP POST request to the /goform/formPptpClientConfig endpoint with an overly long value in one of the vulnerable parameters (e.g., serverIp), the attacker can overflow the stack buffer. A public proof-of-concept exists, demonstrating the ability to trigger the overflow via a malformed request [1]. The attacker only needs network access to the router's web interface (typically on port 80 or 443).

Impact

Exploitation of this buffer overflow can lead to a denial of service (device crash or reboot) or, if properly leveraged, remote code execution at the device's privilege level. This grants the attacker full control over the router, potentially enabling traffic interception, further network compromise, or use of the device in a botnet. The widespread availability of the exploit increases the risk of real-world attacks.

Mitigation

As of the publication date, no fixed firmware version has been released by UTT. The vendor has not publicly acknowledged the vulnerability or provided a patch [1]. Affected users should consider isolating the web management interface from untrusted networks, disabling remote administration if possible, or replacing the device if it reaches end-of-life. The CVE is not currently listed in the Known Exploited Vulnerabilities (KEV) catalog.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

4