Skip to content
CVSS 8.8 · HIGH

CVE-2026-7418

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

View on NVD

Analysis

This is a buffer overflow in the firmware of a specific UTT HiPER router model. While the exploit is public and the severity is high, this hardware is not part of the common stack for Mexican software developers and is unlikely to be encountered in web, mobile, or backend environments.

Severity

Score: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-119CWE-120

EPSS

Probability of exploitation (next 30 days): 0.0005 (0.0%)
Percentile: 13.9%
EPSS: 2026-05-06

Technical description

A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Published: 4/29/2026, 10:16:22 PM
Last modified: 4/30/2026, 2:52:54 PM

References

HomeEventsBlogResourcesTeam