5 matches found
CVE-2026-1162
CVE-2026-1162 affects UTT HiPER 810, version 1.7.4-141218. The vulnerable component is the strcpy usage in the file /goform/setSysAdm, where passing a crafted passwd1 argument over the API can cause a buffer overflow. Remote exploitation is possible, and the exploit has been published (exploitati...
CVE-2026-2135
CVE-2026-2135 affects UTT HiPER 810, version 1.7.4-141218. The vulnerability exists in the function sub_43F020 of the file /goform/formPdbUpConfig, where manipulating the argument policyNames enables a remote command injection. Public exploits are available, enabling remote initiation with likely...
CVE-2026-2080
UTT HiPER 810 (version 1.7.4-141218) is affected by CVE-2026-2080 through the setSysAdm function in /goform/formUser. Manipulating the passwd1 argument enables command injection and allows remote exploitation. Public disclosures exist; vendor reportedly did not respond. Mitigation guidance across...
CVE-2026-2118
CVE-2026-2118 affects UTT HiPER 810 (version 1.7.4-141218) in the rehttpd component, where the function sub_4407D4 in /goform/formReleaseConnect processes the Isp_Name argument. Manipulating Isp_Name enables remote command injection, with exploit publicly disclosed and no user interaction require...
CVE-2025-70998
CVE-2025-70998 affects UTT HiPER 810 / nv810v4 router firmware, version v1.5.0-140603. The telnet service ships with insecure default credentials, potentially allowing a remote attacker to gain root access via a crafted script. No exploitation details or mitigations are provided in the available ...