CVE-2026-5544

UTT HiPER 1250GW formRemoteControl stack-based overflow

CVSS 8.7 HIGHEPSS 0.5%CWE-119 CWE-121

Vexday Risk Score

41Attention

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 8.7EPSS 0.5%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

05 Apr 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Affected products

UTT · HiPER 1250GW

public PoCs found — 1

cve_referencegithub.com/jinxjinxboom/cve/issues/1unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/jinxjinxboom/cve/issues/1 https://vuldb.com/submit/782268 https://vuldb.com/vuln/355297 https://vuldb.com/vuln/355297/cti