Critical Buffer Overflow Vulnerability in UTT HiPER 1250GW Disclosed

Critical Buffer Overflow Vulnerability in UTT HiPER 1250GW Disclosed

First seen 6 Jul 2026, 07:38 UTC Feedlywww.incibe.esexploit-intel.cominfosec.exchange 87% similarity 61.5

Article Content

Browse articles
ThreatCluster

A stack-based buffer overflow vulnerability (CVE-2026-14721) has been identified in UTT HiPER 1250GW devices up to version 3.2.7-210907-180535. The flaw exists in the /goform/ConfigWirelessBase_5g web endpoint, where the ssid argument is not properly validated. An authenticated remote attacker with low-level user privileges can exploit this vulnerability by sending a crafted HTTP request, potentially allowing arbitrary code execution on the device. As of now, there is no public proof-of-concept or evidence of active exploitation. Users are advised to upgrade their devices and restrict access to the web management interface. The CVSS base score for this vulnerability is 8.8, indicating a high severity level. Security advisories have been released, but patch availability remains unclear.

Key Points: • CVE-2026-14721 affects UTT HiPER 1250GW devices up to version 3.2.7-210907-180535. • The vulnerability allows authenticated remote attackers to execute arbitrary code via a crafted HTTP request. • No public proof-of-concept or active exploitation has been reported as of now.

ThreatCluster AI

Timeline

2026-07-05
CVE-2026-14721 published
The vulnerability in UTT HiPER 1250GW was disclosed, detailing a stack-based overflow risk.
Feedly
2026-07-06
Public disclosure of exploit potential
Exploit Intelligence reported that the vulnerability could be exploited remotely, raising concerns about its impact.
exploit-intel.com

Community

Browse all →