CVE-2026-9631
Description
A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectionW of the component Web Management Interface. Performing a manipulation of the argument Profile results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in UTT HiPER 1250GW router's web management interface allows remote denial of service via crafted Profile parameter.
Vulnerability
UTT HiPER 1250GW router firmware version 3.2.7-210907-180535 and earlier contains a stack-based buffer overflow in the web management interface. The overflow occurs in a strcpy call in /goform/formConfigFastDirectionW. By manipulating the Profile argument (specifically the ssid parameter when wrlessMode is set to 4), an attacker can overflow the destination buffer, because the copy is performed without a boundary check [1].
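The missing boundary check described above, shown next to a hardened form. This is an added example, not UTT's firmware code: struct wl_cfg, the function names and the 32-octet destination size (the IEEE 802.11 SSID limit) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define SSID_MAX 32              /* IEEE 802.11 SSID limit, in octets */

/* Hypothetical config record; the firmware's real layout is not on the page. */
struct wl_cfg {
    char ssid[SSID_MAX + 1];     /* assumed fixed-size destination */
    unsigned canary;             /* stands in for adjacent stack data */
};

/* The pattern the advisory describes: strcpy stops only at the source's
 * NUL, so a long form value runs past ssid[]. Shown for contrast only. */
void set_ssid_unchecked(struct wl_cfg *cfg, const char *form_value)
{
    strcpy(cfg->ssid, form_value);
}

/* Hardened form: measure first, reject instead of truncating, and leave
 * cfg untouched on failure. Returns 0 on success, -1 on rejection. */
int set_ssid_checked(struct wl_cfg *cfg, const char *form_value)
{
    const char *nul;
    size_t len;

    if (cfg == NULL || form_value == NULL)
        return -1;
    /* Look for the terminator within SSID_MAX + 1 bytes only. */
    nul = memchr(form_value, '\0', SSID_MAX + 1);
    if (nul == NULL)             /* longer than SSID_MAX: refuse */
        return -1;
    len = (size_t)(nul - form_value);
    if (len == 0)                /* policy choice in this sketch: no empty SSID */
        return -1;
    memcpy(cfg->ssid, form_value, len + 1);   /* copy includes the NUL */
    return 0;
}

/* Mirrors the branch named in the advisory: ssid is consumed when
 * wrlessMode is "4". Other modes are out of scope here and return 1. */
int handle_fast_direction(struct wl_cfg *cfg, const char *wrless_mode,
                          const char *ssid)
{
    if (wrless_mode == NULL || strcmp(wrless_mode, "4") != 0)
        return 1;
    return set_ssid_checked(cfg, ssid);
}
```

Rejecting an over-long value, rather than truncating it, keeps the stored configuration identical to what the administrator last set and gives the web layer a clear error to return.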
Exploitation
An attacker can exploit this vulnerability remotely without authentication. The attack requires sending a crafted HTTP POST request to /goform/formConfigFastDirectionW with wrlessMode=4 and an overly long ssid value. The provided proof-of-concept demonstrates a POST request with a long string of 'a' characters, which triggers the overflow via strcpy [1]. No user interaction is needed beyond the router being accessible on the network.
Impact
Successful exploitation leads to a denial of service (DoS) condition. The buffer overflow can corrupt memory, causing the router to crash or become unresponsive. The impact is limited to availability; no code execution or data disclosure is indicated in the available references [1].
Mitigation
As of the publication date, no official patch has been released by UTT. The affected firmware version is v3.2.7-210907-180535 and earlier. Users should monitor the vendor's website for updates. Until a fix is available, restricting access to the web management interface to trusted networks and disabling remote management can reduce exposure [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=3.2.7-210907-180535
Patches
No patches discovered yet.
References (4)
News mentions
No linked articles in our index yet.