UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Problem type

Affected products

UTT

HiPER 1250GW

3.2.7-210907-180535 - AFFECTED

References

VDB-353193 | UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow

https://vuldb.com/?id.353193

vdb-entrytechnical-description

VDB-353193 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/?ctiid.353193

signaturepermissions-required

Submit #776230 | UTT HiPER 1250GW <=v3.2.7-210907-180535 Buffer Overflow

https://vuldb.com/?submit.776230

third-party-advisory

github.com

https://github.com/kirlic123/IOTvulner/blob/main/309-1/5.md

exploit

GitHub Security Advisories

GHSA-rr72-28mj-44vr

A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This...

https://github.com/advisories/GHSA-rr72-28mj-44vr

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-4862

github.com

https://github.com/kirlic123/IOTvulner/blob/main/309-1/5.md

vuldb.com

https://vuldb.com/?ctiid.353193

vuldb.com

https://vuldb.com/?id.353193

vuldb.com

https://vuldb.com/?submit.776230

github.com

https://github.com/advisories/GHSA-rr72-28mj-44vr

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-4862

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-4862",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-03-26T18:23:53.788Z",
    "dateReserved": "2026-03-25T16:33:35.461Z",
    "datePublished": "2026-03-26T09:00:32.777Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-03-26T09:00:32.777Z"
      },
      "title": "UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file /goform/formConfigDnsFilterGlobal of the component Parameter Handler. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used."
        }
      ],
      "affected": [
        {
          "vendor": "UTT",
          "product": "HiPER 1250GW",
          "modules": [
            "Parameter Handler"
          ],
          "versions": [
            {
              "version": "3.2.7-210907-180535",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Buffer Overflow",
              "cweId": "CWE-120",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.353193",
          "name": "VDB-353193 | UTT HiPER 1250GW Parameter formConfigDnsFilterGlobal strcpy buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.353193",
          "name": "VDB-353193 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.776230",
          "name": "Submit #776230 | UTT HiPER 1250GW <=v3.2.7-210907-180535 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/kirlic123/IOTvulner/blob/main/309-1/5.md",
          "tags": [
            "exploit"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-03-25T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-03-25T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-03-25T17:38:39.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "maple_s (VulDB User)",
          "type": "reporter"
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-26T18:23:53.788Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}