Login Sign Up

CVE-2026-2904

8.8 HIGH
Buffer Overflow

📋 TL;DR

A buffer overflow vulnerability in the UTT HiPER 810G router's web interface allows remote attackers to execute arbitrary code by exploiting the strcpy function. This affects all systems running version 1.7.7-171114 of the firmware. Attackers can compromise the router without authentication.

💻 Affected Systems

Products:
  • UTT HiPER 810G
Versions: 1.7.7-171114
Operating Systems: Embedded Linux (router firmware)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web management interface which is typically enabled by default.

📦 What is this software?

810g Firmware by Utt

View all CVEs affecting 810g Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to router takeover, network traffic interception, lateral movement to internal systems, and persistent backdoor installation.

🟠

Likely Case

Router compromise leading to network disruption, credential theft, and potential pivot point for attacking internal systems.

🟢

If Mitigated

Limited impact if network segmentation prevents lateral movement and external access is restricted.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable and the exploit is publicly available.
🏢 Internal Only: MEDIUM - Internal attackers could exploit this, but requires network access to the router's management interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details are publicly disclosed and the vulnerability is in a commonly exploited function (strcpy).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: Yes

Instructions:

Check vendor website for firmware updates. If available, download latest firmware and apply through web interface. No specific patch version is known for this CVE.

🔧 Temporary Workarounds

Disable Remote Management

all

Disable web management interface access from external networks

Access router web interface > Administration > Remote Management > Disable

Network Segmentation

all

Place router on isolated management VLAN with strict access controls

🧯 If You Can't Patch

  • Replace affected router with supported model
  • Implement strict firewall rules to block all external access to router management interface

🔍 How to Verify

Check if Vulnerable:

Check firmware version in router web interface: Login > System > Firmware Upgrade. If version is 1.7.7-171114, system is vulnerable.

Check Version:

No CLI command available. Must check through web interface.

Verify Fix Applied:

Verify firmware version has been updated to a version later than 1.7.7-171114

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts to /goform/ConfigExceptAli
  • Unusual POST requests to router management interface
  • Buffer overflow patterns in web server logs

Network Indicators:

  • External IP addresses accessing router management port (typically 80/443)
  • Unusual traffic patterns to router from external sources

SIEM Query:

source="router_logs" AND (uri="/goform/ConfigExceptAli" OR message="buffer overflow" OR message="strcpy")

📊 Metadata

CVE ID: CVE-2026-2904
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119
Published: February 22, 2026
Last Updated: February 24, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-2904, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)