CVE-2026-3015
Published: 23 February 2026
Summary
CVE-2026-3015 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 810G Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of the GroupName input argument to ensure it does not exceed buffer bounds, directly preventing the strcpy buffer overflow exploitation.
Implements memory protections such as stack canaries, ASLR, and DEP to mitigate buffer overflow exploits even if invalid input reaches the vulnerable function.
Mandates timely remediation of identified flaws like this buffer overflow through firmware patching or upgrades for affected UTT HiPER 810G versions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in remotely accessible web form (/goform/formPolicyRouteConf) on public-facing router enables exploitation of the application over the network (T1190) and directly supports privilege escalation from low-privileged authenticated access to high-impact code execution (T1068).
NVD Description
A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launched remotely. The exploit…
more
has been publicly disclosed and may be utilized.
Deeper analysisAI
CVE-2026-3015 is a buffer overflow vulnerability affecting UTT HiPER 810G routers in versions up to 1.7.7-171114. The flaw exists in the strcpy function within the /goform/formPolicyRouteConf file, where manipulation of the GroupName argument triggers the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
An attacker with low privileges can exploit this vulnerability remotely without requiring user interaction. By crafting a malicious request targeting the GroupName argument, the attacker triggers the buffer overflow, potentially achieving high-impact compromise including unauthorized access to sensitive data, modification of system integrity, and denial of service through availability disruption.
Advisories referenced on VulDB (ctiid.347375, id.347375, submit.756248) and a GitHub repository (xhsy0314/CVEReport) document the issue, including a publicly disclosed proof-of-concept exploit. No specific patch or mitigation details are outlined in the provided references.
Details
- CWE(s)