PatchSiren

CVE-2026-9628 UTT CVE debrief

A stack-based buffer overflow vulnerability exists in the UTT HiPER 1200GW router firmware through version 2.5.3-170306. The vulnerability resides in the `/goform/formPptpClientConfig` endpoint of the Web Management Interface, where multiple PPTP configuration parameters (including server address, username, password, and tunnel name) are handled without proper bounds checking. Successful exploitation could allow an authenticated remote attacker to execute arbitrary code with elevated privileges. The CVSS 4.0 vector indicates a network attack vector with low attack complexity, low privileges required, and high impact to confidentiality, integrity, and availability. Public exploit availability increases immediate risk. No vendor patch or advisory has been identified at time of publication.

Vendor: UTT
Product: HiPER 1200GW
CVSS: HIGH 7.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Network administrators managing UTT HiPER 1200GW deployments; security teams responsible for edge network infrastructure; organizations utilizing PPTP VPN client functionality on affected routers.

Technical summary

The vulnerability is a classic stack-based buffer overflow (CWE-121) in a router web management interface. The affected endpoint `/goform/formPptpClientConfig` handles PPTP tunnel configuration without proper input validation on string parameters. Multiple arguments (server address, username, password, tunnel name) appear vulnerable to oversized input. The CVSS 4.0 score of 7.4 (HIGH) reflects significant impact potential with a relatively low barrier to exploitation, given network accessibility and public exploit availability. Authentication is required, but the privilege level is unspecified in available sources.

Defensive priority

HIGH

Recommended defensive actions

  • Restrict administrative interface access to trusted management networks only
  • Implement network segmentation to isolate affected router management interfaces
  • Monitor for anomalous requests to the `/goform/formPptpClientConfig` endpoint
  • Apply vendor firmware update when available; verify version exceeds 2.5.3-170306
  • Disable PPTP client functionality if not required for operations
  • Review and rotate credentials for affected device administrative accounts
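
One way to implement the monitoring and access-restriction checks above, as an added example that is not part of the advisory or any vendor tooling. It assumes a reverse proxy in front of the management interface that writes JSON-lines records with `src`, `path` and `body` keys; the management subnet, the length threshold and the field names `param1`/`param2` are assumptions, since the advisory does not give the firmware's parameter names or buffer sizes.

```python
import ipaddress
import json
from urllib.parse import parse_qsl

ENDPOINT = "/goform/formPptpClientConfig"            # endpoint named in the advisory
MAX_FIELD_LEN = 128                                  # assumed threshold, tune per site
MGMT_NETS = [ipaddress.ip_network("10.0.50.0/24")]   # assumed management subnet

def review_request(rec):
    """Return findings for one logged request; empty list if nothing stands out."""
    path, _, query = rec.get("path", "").partition("?")
    if path != ENDPOINT:
        return []
    findings = []
    src = ipaddress.ip_address(rec["src"])
    if not any(src in net for net in MGMT_NETS):
        findings.append(f"source {src} outside management network")
    # Fields can arrive in the query string or the form body; check both.
    # parse_qsl percent-decodes, so lengths reflect the decoded values.
    for part in (query, rec.get("body", "")):
        for name, value in parse_qsl(part, keep_blank_values=True):
            size = len(value.encode("utf-8"))
            if size > MAX_FIELD_LEN:
                findings.append(f"field {name!r} is {size} bytes (limit {MAX_FIELD_LEN})")
    return findings

def scan(log_text):
    """Scan JSON-lines proxy log text; return (line number, finding) pairs."""
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            findings = review_request(json.loads(line))
        except (ValueError, KeyError, AttributeError, TypeError):
            findings = ["unparseable record"]   # surface it instead of skipping
        alerts.extend((lineno, f) for f in findings)
    return alerts

# Constructed sample records; param1/param2 are placeholders, not firmware names.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"src": "10.0.50.7", "path": ENDPOINT, "body": "param1=vpn.example.net&param2=branch1"},
    {"src": "10.0.50.7", "path": ENDPOINT, "body": "param1=" + "x" * 300 + "&param2=branch1"},
    {"src": "192.0.2.44", "path": ENDPOINT, "body": "param1=vpn.example.net"},
    {"src": "192.0.2.44", "path": "/index.html", "body": ""},
])

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE_LOG):
        print(f"line {lineno}: {finding}")
```

Because the firmware's real parameter names are not published here, the check applies the length limit to every field sent to the endpoint rather than to a named subset.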

Evidence notes

Vulnerability disclosed via VulDB with CVSS 4.0 scoring. Affected product identified as UTT HiPER 1200GW firmware ≤2.5.3-170306. Attack vector confirmed as a network-accessible web interface endpoint. Exploit status is marked as public per source metadata. Vendor attribution is marked low confidence and requires review.
