CVE-2026-7419
published 2026-04-29CVE-2026-7419: A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap…
PriorityP263high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.54%
41.5th percentile
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| utt | hiper_1250gw | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.4HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3h4p-c4mx-3p28: A vulnerability was identified in UTT HiPER 1250GW up to 3
ghsa_unreviewed·2026-04-30
CVE-2026-7419 [HIGH] CWE-119 GHSA-3h4p-c4mx-3p28: A vulnerability was identified in UTT HiPER 1250GW up to 3
A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
VulDB
UTT HiPER 1250GW up to 3.2.7-210907-180535 formTaskEdit_ap strcpy Profile buffer overflow (EUVD-2026-26297)
vuldb·2026-04-29·CVSS 7.4
CVE-2026-7419 [HIGH] UTT HiPER 1250GW up to 3.2.7-210907-180535 formTaskEdit_ap strcpy Profile buffer overflow (EUVD-2026-26297)
A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535. It has been classified as critical. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow.
This vulnerability is referenced as CVE-2026-7419. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-29
Published