CVE Details
Basic Information
| Title | UTT HiPER 840G API setSysAdm strcpy buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-26T21:31:12.543Z |
| Last Seen |
Product Information
| Vendor | UTT |
|---|---|
| Product | HiPER 840G |
| Version | 3.1.1-190328 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical buffer overflow vulnerability in the UTT HiPER 840G’s API allows remote attackers to overflow the buffer via the passwd1 argument in the setSysAdm function, potentially leading to system compromise. |
|---|---|
| AI Severity | Critical |
| Vendor | UTT |
| Product | HiPER 840G |
| Affected Version | 3.1.1-190328 |
Affected Products
- UTT HiPER 840G 3.1.1-190328
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-120, CWE-119 |
| Bulletin Family |
References
Description
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.