Cyber Posture

CVE-2026-2981

High · Public PoC

Published: 23 February 2026

Modified: 24 February 2026
KEV Added
Patch
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0011 (28.3th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly remediates the buffer overflow flaw in the strcpy function of /goform/formTaskEdit_ap by applying firmware patches or updates to UTT HiPER 810G.

prevent

Requires validation of the txtMin2 input argument to restrict size and prevent buffer overflow exploitation in the web form handler.

prevent

Implements memory protection mechanisms such as stack canaries, ASLR, and DEP to mitigate successful buffer overflow exploits even if input validation fails.

Security Summary · AI

CVE-2026-2981 is a buffer overflow vulnerability affecting UTT HiPER 810G firmware versions up to 1.7.7-1711. The issue stems from the strcpy function in the /goform/formTaskEdit_ap file, where manipulation of the txtMin2 argument leads to the overflow. It is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input). The vulnerability was published on 2026-02-23 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

An attacker with low privileges can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation enables high-impact consequences, including unauthorized access to sensitive data (high confidentiality impact), modification of system resources (high integrity impact), and disruption of services (high availability impact), potentially leading to full compromise of the affected device.

References point to a public proof-of-concept exploit available on GitHub (including a dedicated PoC section) and VulDB entries detailing the vulnerability (ctiid.347365, id.347365, submit.756131). The description confirms that the exploit has been made public and could be used, but no specific patches or mitigation steps from vendors are detailed in the provided information.

Details

CWE(s)

Affected Products

utt
810g firmware
≤ 1.7.7-171114

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 · Exploitation for Privilege Escalation · Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

A buffer overflow in a remotely accessible web form handler (/goform/), exploitable with low privileges (PR:L) and leading to full device compromise, maps directly to exploitation of public-facing applications (T1190) and to privilege escalation through a software vulnerability (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

References