Cyber Resilience

CVE-2026-5566

High

Published: 05 April 2026
Modified: 24 April 2026
KEV Added: not listed
Patch: none listed
CVSS v4 Score: 7.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0047 (37.2nd percentile)
Risk Priority: 55 (floored blend, peak EPSS)

Summary

CVE-2026-5566 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 37.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-5566 is a buffer overflow vulnerability in the UTT HiPER 1250GW router, affecting versions up to 3.2.7-210907-180535. The issue resides in the strcpy function within the /goform/formNatStaticMap file, where manipulation of the NatBind argument triggers the overflow. It is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables remote exploitation by attackers with low privileges over the network, requiring low complexity and no user interaction. Successful exploitation can result in high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution or system compromise on the affected device.

Advisories and additional details are available in references including a GitHub issue at https://github.com/Moxxkidd/CVE/issues/1 and VulDB entries at https://vuldb.com/submit/782993, https://vuldb.com/vuln/355336, and https://vuldb.com/vuln/355336/cti. No specific patch or mitigation guidance is detailed in the provided information.

The exploit is public and may be used, as noted in the vulnerability description published on 2026-04-05.

EU & UK References

Vulnerability details

A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBind results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Buffer overflow in public-facing router web interface (/goform/formNatStaticMap) enables remote exploitation with low privileges leading to arbitrary code execution and system compromise, directly mapping to T1190 (Exploit Public-Facing Application) and T1068 (Exploitation for Privilege Escalation).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2935 (shared CWE-119, CWE-120)
CVE-2025-15461 (shared CWE-119, CWE-120)
CVE-2026-7288 (shared CWE-119, CWE-120)
CVE-2025-9781 (shared CWE-119, CWE-120)
CVE-2026-3814 (shared CWE-119, CWE-120)
CVE-2026-7749 (shared CWE-119, CWE-120)
CVE-2026-2904 (shared CWE-119, CWE-120)
CVE-2026-4318 (shared CWE-119, CWE-120)
CVE-2025-15217 (shared CWE-119, CWE-120)
CVE-2026-3274 (shared CWE-119, CWE-120)

Affected Assets

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

Prevent: SI-2 Flaw Remediation. Flaw remediation directly addresses the buffer overflow in the strcpy function of /goform/formNatStaticMap by applying patches or firmware updates to versions beyond 3.2.7-210907-180535.

Prevent: SI-16 Memory Protection. Memory protection mechanisms such as stack canaries, ASLR, and DEP help prevent the buffer overflow triggered by the NatBind argument from being turned into arbitrary code execution.

Prevent: SI-10 Information Input Validation. Information input validation ensures the NatBind argument in /goform/formNatStaticMap is checked for size and format before it is copied, preventing the buffer overflow in strcpy.

References