Skip to content
CVSS 8.8 · HIGH

CVE-2026-7420

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

View on NVD

Analysis

This vulnerability affects the firmware of a specific UTT HiPER router model. This brand is not widely deployed in Mexico or commonly used by the software development community targeted by this feed, making it a niche hardware issue.

Severity

Score: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-119CWE-120

EPSS

Probability of exploitation (next 30 days): 0.0005 (0.0%)
Percentile: 13.9%
EPSS: 2026-05-06

Technical description

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Published: 4/29/2026, 11:16:20 PM
Last modified: 4/30/2026, 2:52:54 PM

References

HomeEventsBlogResourcesTeam