CVE-2026-1162
Published: 19 January 2026
Description
A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. Manipulation of the argument passwd1 causes a buffer overflow. The attack can be carried out remotely. The exploit has been published and may be used.
Mitigating Controls (NIST 800-53 r5)
- Directly remediates the specific buffer overflow flaw in the strcpy function of /goform/setSysAdm by requiring identification, reporting, and correction of the vulnerability.
- Prevents the buffer overflow by enforcing input validation on the passwd1 argument before it is processed by the unsafe strcpy function in the web form handler.
- Mitigates remote exploitation of the buffer overflow vulnerability through memory protections such as non-executable stacks or address space randomization, blocking arbitrary code execution.
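To make the second control concrete, here is an added illustration (not code from the UTT firmware or from this advisory) of the unbounded strcpy pattern the description names next to a handler that validates passwd1 before copying; PASSWD_MAX, the struct layout and the function names are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: the real firmware's buffer size and handler layout are
 * not published; PASSWD_MAX and the names below are assumptions. */
#define PASSWD_MAX 32

struct admin_settings {
    char passwd[PASSWD_MAX + 1];   /* +1 for the terminating NUL */
};

/* Vulnerable pattern (CWE-120): strcpy() copies until it finds a NUL, so a
 * passwd1 longer than PASSWD_MAX overruns s->passwd and whatever follows it. */
void set_passwd_unsafe(struct admin_settings *s, const char *passwd1)
{
    strcpy(s->passwd, passwd1);
}

enum set_result { SET_OK = 0, SET_EMPTY = 1, SET_TOO_LONG = 2, SET_BAD_CHAR = 3 };

/* Hardened form: measure the input with a bounded scan, reject anything that
 * would not fit (rather than silently truncating a credential), then copy
 * exactly n bytes. The stored value is untouched whenever input is rejected. */
enum set_result set_passwd_safe(struct admin_settings *s, const char *passwd1)
{
    if (passwd1 == NULL) return SET_EMPTY;
    size_t n = 0;                     /* never reads past PASSWD_MAX + 1 bytes */
    while (n <= PASSWD_MAX && passwd1[n] != '\0')
        n++;
    if (n == 0) return SET_EMPTY;
    if (n > PASSWD_MAX) return SET_TOO_LONG;
    for (size_t i = 0; i < n; i++) {  /* printable ASCII only */
        unsigned char c = (unsigned char)passwd1[i];
        if (c < 0x20 || c > 0x7e) return SET_BAD_CHAR;
    }
    memcpy(s->passwd, passwd1, n);
    s->passwd[n] = '\0';
    return SET_OK;
}

int main(void)
{
    struct admin_settings s = { { 0 } };
    char oversized[PASSWD_MAX * 4 + 1];          /* constructed long input */
    memset(oversized, 'A', sizeof oversized - 1); oversized[sizeof oversized - 1] = '\0';
    printf("oversized -> %d (2 = SET_TOO_LONG)\n", (int)set_passwd_safe(&s, oversized));
    printf("valid -> %d (0 = SET_OK)\n", (int)set_passwd_safe(&s, "hunter22"));
    return 0;
}
```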
Security Summary
CVE-2026-1162 is a buffer overflow vulnerability affecting the UTT HiPER 810 device in version 1.7.4-141218. The issue stems from improper use of the strcpy function in the /goform/setSysAdm file, where manipulation of the passwd1 argument leads to the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), with a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Remote attackers need no privileges or user interaction to exploit this vulnerability over the network. Successful exploitation enables arbitrary code execution or system compromise, with high impact on confidentiality, integrity, and availability.
Advisories and references, including a GitHub repository with proof-of-concept exploit details and VulDB entries, confirm remote exploitability. No specific patches or mitigations are detailed in the available information, but the published exploit underscores the need for immediate isolation or upgrades where possible.
Details
- CWE(s): CWE-119, CWE-120
- Affected Products: UTT HiPER 810 1.7.4-141218
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A buffer overflow in a public-facing web form handler (/goform/setSysAdm) allows unauthenticated remote arbitrary code execution, which maps directly to exploitation of public-facing applications.