CVE-2026-3699
Published: 08 March 2026
Summary
CVE-2026-3699 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 810G Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the CVE by requiring timely patching of the known buffer overflow flaw in UTT HiPER 810G up to version 1.7.7-171114.
Prevents buffer overflows by enforcing validation of untrusted inputs to vulnerable functions like strcpy in /goform/formRemoteControl.
Mitigates successful exploitation of the buffer overflow through memory protections such as ASLR and DEP, reducing reliability of remote code execution.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in network-accessible web form (/goform/formRemoteControl) directly enables remote exploitation of a public-facing application (T1190) with low privileges, resulting in arbitrary code execution and full system compromise (T1068).
NVD Description
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has been released to…
more
the public and may be used for attacks.
Deeper analysisAI
CVE-2026-3699 is a buffer overflow vulnerability (CWE-119, CWE-120) discovered in UTT HiPER 810G versions up to 1.7.7-171114. The flaw affects the strcpy function in the file /goform/formRemoteControl, where improper input handling allows manipulation leading to a buffer overflow. Published on 2026-03-08, it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility and significant impacts.
Attackers with low privileges (PR:L) can exploit this remotely over the network with low complexity and no user interaction required. Successful exploitation enables high confidentiality, integrity, and availability impacts, potentially allowing arbitrary code execution or system compromise on affected devices.
Advisories and details are available in references including https://github.com/7wkajk/CVE-VUL/blob/main/2.md, https://vuldb.com/?ctiid.349645, https://vuldb.com/?id.349645, and https://vuldb.com/?submit.765749. A public exploit has been released, increasing the risk of real-world attacks.
Details
- CWE(s)