PatchSiren

UTT CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH UTT CVE published 2026-06-08

CVE-2026-11517

CVE-2026-11517 is a high-severity buffer overflow vulnerability in UTT HiPER 2610G up to 3.0.0-171107. The vulnerability affects the strcpy function in /goform/formConfigDnsFilterGlobal, allowing for remote exploitation through manipulation of the GroupName argument. The vulnerability has a CVSS score of 7.4 and is considered HIGH severity. The CVE was published on 2026-06-08T15:16:43.233Z and last modifi [truncated]

LOW UTT CVE published 2026-06-08

CVE-2026-11516

CVE-2026-11516 is a buffer overflow vulnerability in UTT HiPER 2610G up to 3.0.0-171107. The vulnerability affects the strcpy function in /goform/formNatStaticMap, which can be exploited by manipulating the NatBinds argument. The vulnerability has a CVSS score of 2 and is considered LOW severity. The exploit has been made public and could be used.

HIGH UTT CVE published 2026-05-27

CVE-2026-9632

A stack-based buffer overflow vulnerability exists in the UTT HiPER 1250GW router firmware through version 3.2.7-210907-180535. The vulnerability resides in the `strcpy` function within the `/goform/formGroupConfig` endpoint of the Web Management Interface. An attacker with low privileges can remotely trigger the overflow by manipulating the `Profile` argument, potentially achieving high impact on confide [truncated]

HIGH UTT CVE published 2026-05-27

CVE-2026-9631

A stack-based buffer overflow vulnerability exists in UTT HiPER 1250GW devices running firmware up to version 3.2.7-210907-180535. The vulnerability resides in the `strcpy` function within the `/goform/formConfigFastDirectionW` endpoint of the web management interface. An attacker can exploit this by manipulating the `Profile` argument, leading to remote code execution. The CVSS 4.0 score of 7.4 (HIGH) re [truncated]

HIGH UTT CVE published 2026-05-27

CVE-2026-9628

A stack-based buffer overflow vulnerability exists in the UTT HiPER 1200GW router firmware through version 2.5.3-170306. The vulnerability resides in the `/goform/formPptpClientConfig` endpoint of the Web Management Interface, where multiple PPTP configuration parameters—including server address, username, password, and tunnel name—are susceptible to improper bounds checking. Successful exploitation could [truncated]