Skip to content
CVSS 8.8 · HIGH

CVE-2026-7420

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Ver en NVD

Análisis

This vulnerability affects the firmware of a specific UTT HiPER router model. This brand is not widely deployed in Mexico or commonly used by the software development community targeted by this feed, making it a niche hardware issue.

Severidad

Puntaje: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE): CWE-119CWE-120

EPSS

Probabilidad de explotación (próx. 30 días): 0.0005 (0.0%)
Percentil: 13.9%
EPSS: 2026-05-06

Descripción técnica

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Publicada: 29/4/2026, 23:16:20
Última modificación: 30/4/2026, 14:52:54

Referencias

InicioEventosBlogRecursosEquipo