CVE Details
Basic Information
| Title | UTT HiPER 840G API formConfigDnsFilterGlobal sub_416928 buffer overflow |
|---|---|
| Type | cve |
| Published | 2025-06-26T22:31:05.529Z |
| Last Seen |
Product Information
| Vendor | UTT |
|---|---|
| Product | HiPER 840G |
| Version | 3.1.1-190328 |
CVSS Information
| Base Score | 8.7 (HIGH) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical buffer overflow vulnerability in UTT HiPER 840G’s API allows remote attackers to exploit the GroupName argument in formConfigDnsFilterGlobal. This can lead to system compromise. The vendor has not responded to disclosure attempts, increasing the risk. |
|---|---|
| AI Severity | Critical |
| Vendor | UTT |
| Product | HiPER 840G |
| Affected Version | 3.1.1-190328 |
Affected Products
- UTT HiPER 840G 3.1.1-190328
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-120, CWE-119 |
| Bulletin Family |
References
Description
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.