CVE-2026-7418
published 2026-04-29CVE-2026-7418: A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP…
PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.56%
42.6th percentile
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| utt | hiper_1250gw | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.4HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jxhx-v8wh-chm3: A vulnerability was determined in UTT HiPER 1250GW up to 3
ghsa_unreviewed·2026-04-30
CVE-2026-7418 [HIGH] CWE-119 GHSA-jxhx-v8wh-chm3: A vulnerability was determined in UTT HiPER 1250GW up to 3
A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
VulDB
UTT HiPER 1250GW up to 3.2.7-210907-180535 route/goform/NTP strcpy Profile buffer overflow (EUVD-2026-26295)
vuldb·2026-04-29·CVSS 7.4
CVE-2026-7418 [HIGH] UTT HiPER 1250GW up to 3.2.7-210907-180535 route/goform/NTP strcpy Profile buffer overflow (EUVD-2026-26295)
A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535 and classified as critical. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow.
The identification of this vulnerability is CVE-2026-7418. The attack may be launched remotely. Furthermore, there is an exploit available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-29
Published