UTT HiPER 1200GW Stack-Based Buffer Overflow Vulnerability (CVE-2026-10292)
A stack-based buffer overflow vulnerability (CVE-2026-10292) exists in the strcpy function of /goform/formTaskEdit in UTT HiPER 1200GW up to version 2.5.3-170306, allowing for remote code execution.
A stack-based buffer overflow vulnerability, CVE-2026-10292, has been identified in UTT HiPER 1200GW devices up to version 2.5.3-170306. The flaw is in a strcpy call reached through /goform/formTaskEdit. Successful exploitation could allow an attacker to execute arbitrary code on the affected device remotely. Public exploits are available, which increases the risk of exploitation. The vulnerability poses a significant threat to organizations using affected UTT HiPER 1200GW devices, potentially leading to device compromise and network disruption. Defenders should prioritize patching or mitigating this vulnerability to prevent potential attacks.
Attack Chain
- The attacker identifies a vulnerable UTT HiPER 1200GW device running a version up to 2.5.3-170306.
- The attacker crafts a malicious HTTP request targeting the /goform/formTaskEdit endpoint.
- The request contains an overly long string for one of the parameters, specifically designed to overflow the buffer when processed by the strcpy function.
- The strcpy function attempts to copy the oversized string into a fixed-size buffer on the stack, leading to a buffer overflow.
- The buffer overflow overwrites adjacent memory locations on the stack, including the return address.
- The attacker manipulates the overwritten return address to point to malicious code or a ROP chain.
- The device attempts to return from the formTaskEdit function, but instead executes the attacker-controlled code.
- The attacker gains control of the device and can execute arbitrary commands.
Impact
Successful exploitation of CVE-2026-10292 allows a remote attacker to execute arbitrary code on the affected UTT HiPER 1200GW device. This can lead to complete system compromise, including data theft, device hijacking, and denial of service. Given that the exploit is public, the likelihood of exploitation is elevated. Organizations using the affected device are at high risk.
Recommendation
- Apply available patches or updates provided by UTT to remediate CVE-2026-10292 on UTT HiPER 1200GW devices up to version 2.5.3-170306.
- Monitor web server logs for suspicious POST requests to /goform/formTaskEdit containing unusually long parameters, as described in the attack chain, and use the “Detect Suspicious Long POST Request to FormTaskEdit” Sigma rule.
- Implement network segmentation to limit the impact of a potential device compromise.
- Consider using a Web Application Firewall (WAF) to filter out malicious requests targeting the vulnerable endpoint.
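The length check behind the monitoring and WAF recommendations, as an added example (it is not the Sigma rule named above and not vendor code). The field names, the sample requests and the 128-byte threshold are assumptions; the advisory does not state the vulnerable parameter or the buffer size.

```python
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/goform/formTaskEdit"  # endpoint named in the advisory
MAX_FIELD_BYTES = 128  # assumption: set just above the longest legitimate value seen


def oversized_fields(method, target, body, limit=MAX_FIELD_BYTES):
    """Return (field, decoded_length) pairs for form fields over `limit`
    in a POST to TARGET_PATH; an empty list means nothing to flag."""
    if method.upper() != "POST" or urlsplit(target).path != TARGET_PATH:
        return []
    # latin-1 maps each percent-decoded byte to one character, so len() is the
    # size of the decoded value the handler would copy, not the on-the-wire size.
    fields = parse_qsl(body, keep_blank_values=True, encoding="latin-1")
    return [(name, len(value)) for name, value in fields if len(value) > limit]


# Constructed sample requests (method, request target, form body). The field
# names and the second path are placeholders, not values taken from the device.
SAMPLES = [
    ("POST", "/goform/formTaskEdit", "field_a=backup&field_b=0300"),
    ("POST", "/goform/formTaskEdit?x=1", "field_a=" + "A" * 300 + "&field_b=0300"),
    ("POST", "/goform/formTaskEdit", "field_a=" + "%41" * 200),
    ("GET", "/goform/formTaskEdit", ""),
    ("POST", "/goform/otherForm", "field_a=" + "A" * 300),
]


def scan(samples=SAMPLES):
    """Return the indexes of the sample requests that should raise an alert."""
    return [i for i, req in enumerate(samples) if oversized_fields(*req)]


if __name__ == "__main__":
    for i in scan():
        print("alert: request", i, oversized_fields(*SAMPLES[i]))
```

Measuring the decoded value matters because percent-encoding inflates the raw body: the third sample is 600 characters on the wire but decodes to 200 bytes.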
Detection coverage
Detect Suspicious Long POST Request to FormTaskEdit
Severity: high. Detects CVE-2026-10292 exploitation: suspiciously long POST request to /goform/formTaskEdit indicating a potential buffer overflow attempt.