CVE-2026-3700
Published: 08 March 2026
Summary
CVE-2026-3700 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in UTT 810G Firmware. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 46.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2026-3700 is a buffer overflow vulnerability affecting UTT HiPER 810G routers in versions up to 1.7.7-171114. The flaw stems from improper use of the strcpy function in the /goform/formConfigDnsFilterGlobal file, enabling buffer overflow conditions. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input). The vulnerability was published on 2026-03-08.
Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation allows high-impact consequences, including unauthorized access to sensitive data, modification of system integrity, and denial of service through availability disruption. Remote exploitation is explicitly possible, and a public exploit has been disclosed.
Advisories and details are available from sources including VulDB (ctiid.349646, id.349646, submit.765750) and a GitHub repository at https://github.com/7wkajk/CVE-VUL/blob/main/1.md, which document the issue but do not specify patches or mitigations in the provided information.
The public availability of the exploit increases the risk of real-world attacks against unpatched UTT HiPER 810G devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-10207
Vulnerability details
A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formConfigDnsFilterGlobal. This manipulation causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in public-facing router web form (/goform/) enables remote authenticated attackers to achieve RCE and high-impact effects, directly mapping to exploitation of public-facing apps (T1190) and privilege escalation (T1068).
Mitigating Controls (NIST 800-53 r5)
Directly remediates the buffer overflow vulnerability by applying vendor patches or firmware updates to affected UTT HiPER 810G routers.
Requires validation of inputs to the /goform/formConfigDnsFilterGlobal function to prevent buffer overflows from unchecked strcpy usage.
Implements memory protections such as ASLR and DEP to mitigate exploitation of the buffer overflow even if input validation fails.
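The input-validation control above, applied to an unchecked strcpy on a request parameter, as an added example (not the vendor's code and not taken from the referenced advisories). The buffer size, the function name copy_form_field and the hostname-style character allowlist are assumptions, since the page does not give the firmware's field names or sizes.

```c
#include <stddef.h>
#include <string.h>

/* Assumed size for illustration; the firmware's real buffer size is not on the page. */
#define FIELD_MAX 64

enum copy_status { COPY_OK = 0, COPY_NULL = -1, COPY_TOO_LONG = -2, COPY_BAD_CHAR = -3 };

/* Allowlist for a hostname-style value (assumed field semantics). */
static int allowed_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '-';
}

/*
 * Bounded replacement for strcpy(dst, src) on a request parameter.
 * Length and characters are validated before any write, so dst is left
 * untouched on failure and is always NUL-terminated on success.
 */
enum copy_status copy_form_field(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0, i;

    if (dst == NULL || src == NULL || dst_size == 0)
        return COPY_NULL;

    /* Bounded scan: never inspects more than dst_size bytes of src. */
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size)
        return COPY_TOO_LONG;          /* no room left for the terminator */

    for (i = 0; i < len; i++)
        if (!allowed_char((unsigned char)src[i]))
            return COPY_BAD_CHAR;

    memcpy(dst, src, len);
    dst[len] = '\0';
    return COPY_OK;
}

int main(void)
{
    char buf[FIELD_MAX];
    /* Constructed sample value; exits 0 when the copy succeeds. */
    return copy_form_field(buf, sizeof buf, "example.com") == COPY_OK ? 0 : 1;
}
```

A handler that gets anything other than COPY_OK should reject the request rather than truncate the value, so an oversized parameter never reaches the destination buffer.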