CVE-2026-2935

7.2 HIGH

📋 TL;DR

This CVE describes a remote buffer overflow in UTT HiPER 810G routers. An unauthenticated remote attacker can trigger an unbounded strcpy in the /goform/ConfigExceptMSN handler by supplying an overlong remark parameter, potentially allowing remote code execution. All users running UTT HiPER 810G firmware versions up to 1.7.7-171114 are affected.

💻 Affected Systems

Products:
  • UTT HiPER 810G
Versions: up to 1.7.7-171114
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerable endpoint /goform/ConfigExceptMSN is accessible via web interface. Default configurations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote attackers could execute arbitrary code with router privileges, potentially gaining full control of the device, intercepting network traffic, or using it as a foothold for lateral movement.

🟠 Likely Case

Remote code execution leading to device compromise, service disruption, or credential theft from the router configuration.

🟢 If Mitigated

If properly segmented and firewalled, impact may be limited to the router itself without network-wide compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit available on GitHub. Remote exploitation requires no authentication. Buffer overflow via strcpy is a well-understood attack vector.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

No official patch available. Check vendor website for firmware updates beyond version 1.7.7-171114.

🔧 Temporary Workarounds

Block Web Interface Access (linux)

Restrict access to the router web interface from untrusted networks. Replace TRUSTED_NETWORK with your management network in CIDR notation; in iptables the negation operator precedes the -s option:

iptables -A INPUT -p tcp --dport 80 ! -s TRUSTED_NETWORK -j DROP
iptables -A INPUT -p tcp --dport 443 ! -s TRUSTED_NETWORK -j DROP

Disable Remote Management (all)

Turn off remote management features in the router configuration.

🧯 If You Can't Patch

  • Segment router management interface to isolated VLAN
  • Implement network-based intrusion detection for buffer overflow patterns

🔍 How to Verify

Check if Vulnerable:

Check router firmware version via web interface at System Status > Firmware Version

Check Version:

curl -s http://ROUTER_IP/goform/GetSysInfo | grep Firmware

Verify Fix Applied:

Verify firmware version is newer than 1.7.7-171114

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /goform/ConfigExceptMSN
  • Large payloads in remark parameter
  • Router crash/restart logs

Network Indicators:

  • HTTP requests with oversized remark parameters
  • Traffic to router management interface from unexpected sources

SIEM Query:

source="router_logs" AND uri="/goform/ConfigExceptMSN" AND (remark.length>100 OR status=500)
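As an added example (not part of this advisory), the log indicators above turned into a small Python checker run over constructed sample request lines. The log format, the field names and the 100-character threshold (borrowed from the SIEM query) are assumptions to adapt to whatever your proxy or router actually records.

```python
import re
from urllib.parse import parse_qs

# Constructed log format for this example (not a real UTT log format):
#   <src_ip> "<METHOD> <URI>" <status> body="<urlencoded form body>"
# Adapt LOG_LINE to the fields your proxy or router actually records.
LOG_LINE = re.compile(
    r'^(?P<src>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+)" (?P<status>\d{3}) body="(?P<body>.*)"$'
)
VULN_URI = "/goform/ConfigExceptMSN"
REMARK_MAX = 100  # threshold taken from the advisory's SIEM query; tune to your baseline

def remark_length(uri, body):
    """Longest decoded 'remark' value found in the query string or form body, else 0."""
    query = uri.split("?", 1)[1] if "?" in uri else ""
    params = parse_qs(query + "&" + body, keep_blank_values=True)
    return max((len(v) for v in params.get("remark", [])), default=0)

def classify(line):
    """Return a finding string for a suspicious request line, or None if benign."""
    m = LOG_LINE.match(line)
    if not m:
        return None  # unparseable line: skip rather than guess
    path = m["uri"].split("?", 1)[0]
    if path != VULN_URI:
        return None
    reasons = []
    length = remark_length(m["uri"], m["body"])
    if length > REMARK_MAX:
        reasons.append(f"remark length {length} > {REMARK_MAX}")
    if int(m["status"]) >= 500:
        reasons.append(f"server error {m['status']}")  # a crashed handler often surfaces as 5xx
    return f"{m['src']} {m['method']} {path}: " + "; ".join(reasons) if reasons else None

def scan(lines):
    """Run classify() over an iterable of log lines and collect the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample traffic: one legitimate save, one oversized remark, one 5xx, one unrelated.
SAMPLE_LOGS = [
    '192.0.2.10 "POST /goform/ConfigExceptMSN" 200 body="remark=printer&enable=1"',
    '198.51.100.7 "POST /goform/ConfigExceptMSN" 200 body="remark=' + "A" * 300 + '&enable=1"',
    '198.51.100.7 "POST /goform/ConfigExceptMSN" 500 body="remark=%41%41%41"',
    '192.0.2.10 "GET /goform/GetSysInfo" 200 body=""',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```

The length check is done on the URL-decoded value, so percent-encoded padding is measured the same way the router's strcpy would see it.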
