PatchSiren cyber security CVE debrief
CVE-2026-11517 UTT CVE debrief
CVE-2026-11517 is a high-severity buffer overflow vulnerability in UTT HiPER 2610G up to 3.0.0-171107. The vulnerability affects the strcpy function in /goform/formConfigDnsFilterGlobal, allowing for remote exploitation through manipulation of the GroupName argument. The vulnerability has a CVSS score of 7.4 and is considered HIGH severity. The CVE was published on 2026-06-08T15:16:43.233Z and last modified on 2026-06-09T16:16:38.080Z.
- Vendor
- UTT
- Product
- HiPER 2610G
- CVSS
- HIGH 7.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of UTT HiPER 2610G up to 3.0.0-171107 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by a buffer overflow in the strcpy function of /goform/formConfigDnsFilterGlobal. An attacker can exploit this vulnerability remotely by manipulating the GroupName argument.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Limit access to the affected system to prevent remote exploitation.
- Monitor the system for suspicious activity.
Evidence notes
The vulnerability was discovered and publicly disclosed, and an exploit has been made available.
Official resources
CVE-2026-11517 was published on 2026-06-08T15:16:43.233Z and last modified on 2026-06-09T16:16:38.080Z.