CVE-2026-7420
published 2026-04-29CVE-2026-7420: A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The…
PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.46%
36.7th percentile
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| utt | hiper_1250gw | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.07.4HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j63v-gc5m-5wgg: A security flaw has been discovered in UTT HiPER 1250GW up to 3
ghsa_unreviewed·2026-04-30
CVE-2026-7420 [HIGH] CWE-119 GHSA-j63v-gc5m-5wgg: A security flaw has been discovered in UTT HiPER 1250GW up to 3
A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
VulDB
UTT HiPER 1250GW up to 3.2.7-210907-180535 ConfigAdvideo strcpy Profile buffer overflow (EUVD-2026-26298)
vuldb·2026-04-29·CVSS 7.4
CVE-2026-7420 [HIGH] UTT HiPER 1250GW up to 3.2.7-210907-180535 ConfigAdvideo strcpy Profile buffer overflow (EUVD-2026-26298)
A vulnerability was found in UTT HiPER 1250GW up to 3.2.7-210907-180535. It has been declared as critical. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow.
This vulnerability is identified as CVE-2026-7420. The attack can be executed remotely. Additionally, an exploit exists.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-04-29
Published