CVE-2026-4487
Published: 20 March 2026
Summary
CVE-2026-4487 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is given here as 7.4 (High); note that the CVSS v3.1 vector quoted in the deeper analysis below (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) computes to 8.8, so confirm the authoritative rating against the vendor or NVD record before prioritising.
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 39.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-4487 is a buffer overflow (CWE-119, CWE-120) in UTT HiPER 1200GW routers, affecting firmware versions up to 2.5.3-170306. The defect is an unbounded strcpy call in the handler for the web form endpoint /goform/websHostFilter: attacker-controlled request data is copied into a fixed-size buffer without a length check. It was published on 2026-03-20 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A remote attacker holding low privileges on the device (PR:L) can reach the flaw over the network with low attack complexity and no user interaction. Successful exploitation has high impact on confidentiality, integrity, and availability, potentially leading to full control of the device. A public exploit has been disclosed and may be used.
Advisories and additional details are available in referenced sources, including VulDB entries (https://vuldb.com/?ctiid.352010, https://vuldb.com/?id.352010, https://vuldb.com/?submit.773538) and a GitHub repository (https://github.com/hmKunlun/UTTHiPER/blob/main/HiPER%201200GW.md).
The public disclosure of the exploit increases the risk of real-world attacks against affected devices.
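As an added illustration (not code from the vendor, from VulDB, or from the referenced GitHub repository), the following C shows the unbounded-strcpy pattern described above next to a hardened handler that enforces the destination bound and a hostname character set before copying. The field name `hostname`, the 64-byte buffer, the result codes and the request bodies are assumptions constructed for the example; the real websHostFilter handler's layout is not published on this page.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* ASSUMED buffer size; the real handler's buffer size is not public. */
#define HOST_MAX 64

/* Result codes for the hardened handler (assumed, for the example). */
enum host_filter_rc {
    HF_OK       =  0,
    HF_MISSING  = -1,   /* "hostname" parameter absent from the body   */
    HF_TOO_LONG = -2,   /* value would not fit: strcpy would overflow  */
    HF_BAD_CHAR = -3    /* character not plausible in a hostname       */
};

/* VULNERABLE pattern (CWE-120): the request value is copied with strcpy into a
 * fixed-size stack buffer, so a value of HOST_MAX or more bytes writes past the
 * end.  Kept only for contrast; never pass untrusted input to it. */
size_t vulnerable_copy_host(const char *value)
{
    char host[HOST_MAX];
    strcpy(host, value);            /* no bound on the source length */
    return strlen(host);
}

/* Find the value of `key` in an application/x-www-form-urlencoded body.
 * Returns a pointer to the value's first byte and sets *len, or NULL. */
static const char *form_lookup(const char *body, const char *key, size_t *len)
{
    size_t klen = strlen(key);
    const char *p = body;
    while (*p) {
        const char *end = strchr(p, '&');
        size_t plen = end ? (size_t)(end - p) : strlen(p);
        if (plen > klen && memcmp(p, key, klen) == 0 && p[klen] == '=') {
            *len = plen - klen - 1;
            return p + klen + 1;
        }
        if (!end)
            break;
        p = end + 1;
    }
    return NULL;
}

/* HARDENED handler: checks the destination bound before any copy, restricts
 * the character set, and copies with an explicit length plus terminator. */
int hardened_copy_host(const char *body, char *out, size_t out_size)
{
    size_t vlen;
    const char *v = form_lookup(body, "hostname", &vlen);
    if (!v)
        return HF_MISSING;
    if (vlen >= out_size)           /* must leave room for the NUL */
        return HF_TOO_LONG;
    for (size_t i = 0; i < vlen; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == '*'))
            return HF_BAD_CHAR;
    }
    memcpy(out, v, vlen);
    out[vlen] = '\0';
    return HF_OK;
}

/* Wrapper with the same fixed buffer the vulnerable version uses. */
int check_host_filter_body(const char *body)
{
    char host[HOST_MAX];
    return hardened_copy_host(body, host, sizeof host);
}

/* Build a body whose hostname value is n 'a' bytes and run the hardened
 * handler on it; lets the boundary around HOST_MAX be probed safely. */
int probe_hostname_length(size_t n)
{
    static char body[1024];
    static const char prefix[] = "hostname=";
    if (n > sizeof body - sizeof prefix)   /* keep the probe itself in bounds */
        n = sizeof body - sizeof prefix;
    memcpy(body, prefix, sizeof prefix - 1);
    memset(body + sizeof prefix - 1, 'a', n);
    body[sizeof prefix - 1 + n] = '\0';
    return check_host_filter_body(body);
}

int main(void)
{
    /* Constructed request bodies, not captured traffic. */
    printf("ok body      -> %d\n", check_host_filter_body("action=add&hostname=ads.example.com&mode=block"));
    printf("missing      -> %d\n", check_host_filter_body("action=add&mode=block"));
    printf("bad char     -> %d\n", check_host_filter_body("hostname=ads.example.com;reboot"));
    printf("63 bytes     -> %d\n", probe_hostname_length(HOST_MAX - 1));
    printf("64 bytes     -> %d\n", probe_hostname_length(HOST_MAX));
    printf("300 bytes    -> %d\n", probe_hostname_length(300));
    return 0;
}
```

The decisive difference is that the hardened handler compares the value length against the destination size before touching the buffer, so an oversized value is rejected with HF_TOO_LONG instead of being written; the character whitelist is a secondary control that also blocks values the filter feature has no legitimate reason to accept.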
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-13710
Vulnerability details
A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/websHostFilter. This manipulation causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A buffer overflow in a public web form handler (/goform/websHostFilter) on an internet-facing router maps to Exploit Public-Facing Application (T1190), since the flaw is reached through the exposed management interface; turning low-privilege access into full control of the device maps to Exploitation for Privilege Escalation (T1068).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly remediates the unbounded strcpy in the /goform/websHostFilter handler by requiring timely installation of fixed firmware on affected UTT HiPER 1200GW routers.
- SI-16 (Memory Protection): memory protections such as address space layout randomization, stack canaries, and non-executable data regions raise the cost of exploiting the overflow on devices that cannot yet be patched. On embedded router firmware these protections are frequently absent or incomplete, so they complement SI-2 rather than replace it.
- SI-10 (Information Input Validation): requires the /goform/websHostFilter endpoint to reject oversized or malformed values before they are copied, which removes the condition that triggers the strcpy overflow.