CVE-2026-3814
Published: 09 March 2026
Summary
CVE-2026-3814 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in UTT 810G firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 9.3rd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Mandates timely remediation of the strcpy buffer overflow by patching affected versions up to 1.7.7-1711.
Requires validation of inputs to /goform/getOneApConfTempEntry to block malformed data causing the strcpy buffer overflow.
Deploys memory protections such as ASLR and DEP to hinder use of the buffer overflow for code execution while the underlying flaw remains.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A buffer overflow in a remotely accessible web form (/goform/getOneApConfTempEntry) on a network device enables remote code execution from low-privilege credentials, mapping directly to Exploitation for Privilege Escalation (T1068) and Exploit Public-Facing Application (T1190).
NVD Description
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely.
The exploit has been released to the public and may be used for attacks.
Deeper analysis
CVE-2026-3814 is a buffer overflow vulnerability affecting the UTT HiPER 810G router in versions up to 1.7.7-1711. The flaw is a strcpy call in the handling of /goform/getOneApConfTempEntry, where input is copied without a size check, so manipulated input overflows the destination buffer. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input).
The vulnerability can be exploited remotely by an attacker with low privileges (PR:L), requiring low complexity and no user interaction. Successful exploitation enables high-impact consequences, including unauthorized access to confidential data (C:H), modification of system integrity (I:H), and disruption of availability (A:H). As a network-accessible issue, it poses risks to exposed router instances.
Advisories and further details are available through referenced sources, including VulDB entries (ctiid.349780, id.349780, submit.769163) and a GitHub repository at https://github.com/whoami648/cve/blob/main/vul/9.md, which may provide mitigation guidance or patch information.
Notably, a public exploit has been released, increasing the likelihood of real-world attacks against unpatched UTT HiPER 810G devices. The vulnerability was published on 2026-03-09.
Details
- CWE(s)