{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-31066", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T19:54:45.325Z", "dateReserved": "2026-03-09T00:00:00.000Z", "datePublished": "2026-04-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T14:59:09.239Z"}, "descriptions": [{"lang": "en", "value": "UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/zxq0408/Vul202601/blob/main/6.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T19:54:21.280441Z", "id": "CVE-2026-31066", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T19:54:45.325Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-31066", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T19:54:21.280441Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T19:54:39.866Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/zxq0408/Vul202601/blob/main/6.md"}], "descriptions": [{"lang": "en", "value": "UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T14:59:09.239Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31066", "state": "PUBLISHED", "dateUpdated": "2026-04-06T19:54:45.325Z", "dateReserved": "2026-03-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-06T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:utt:810g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EACA25AC-9976-4066-A6C6-6C2CA6D37BE3", "versionEndIncluding": "1.7.7-171114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:utt:810g:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C6B1A13-F7CD-422E-A90E-8020D076FC4A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."}], "id": "CVE-2026-31066", "lastModified": "2026-04-10T18:04:02.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-06T15:17:09.200", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/zxq0408/Vul202601/blob/main/6.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "v3v1.7.7-171114"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "hiper_810g", "vendor": "utt"}], "analysis": {"en": {"generated_at": "2026-04-10T19:43:28.506291+00:00", "value": {"mitigation_remediation": ["Apply the latest firmware upgrade released by UTT that addresses the buffer overflow in the formTaskEdit function.", "If a firmware update is not yet available, restrict or block external access to the formTaskEdit endpoint by configuring firewalls or web server ACLs, or disable the feature if it is not required.", "Monitor system and application logs for abnormal termination or repeated restarts that may indicate an attempted overflow attack.", "Validate input lengths and bounds in any custom or third\u2011party scripts that interact with the device\u2019s management interface.", "Review and update the device\u2019s security policy to enforce least privilege and network segmentation."], "summary": {"action": "Update Firmware", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The affected products are UTT Aggressive HiPER 810G devices running firmware version 3.0, specifically the build v1.7.7\u2011171114. Devices of this model include the 810G series running the 810g firmware. No other provider or version is listed as affected.\n", "description_and_impact": "A buffer overflow exists in the selDateType parameter of the formTaskEdit function within UTT Aggressive HiPER 810G v3 firmware. This flaw allows an attacker to supply specially crafted data that causes the application to crash, leading to a restart of the system and a temporary denial of service. The weakness is a classic CWE\u2011120 type buffer overflow. The vulnerability is limited to non\u2011remote execution; the attacker must be able to reach the formTaskEdit entry point, which is typically exposed through the device\u2019s web interface or management protocol. Based on the description, it is inferred that an attacker can trigger the overflow by submitting a request to the editing form with an oversized selDateType field.\n", "risk_and_exploitability": "The CVSS score of 4.5 indicates a moderate severity. The EPSS score of less than 1% suggests a very low probability of exploitation in the wild, and the vulnerability is not present in the CISA Known Exploited Vulnerabilities catalog. The attack surface appears to be a web\u2011based interface that can be accessed over the network, implying remote exploitation is possible if credentials or local access is provided. No publicly available exploit code is reported, and the flaw requires the attacker to control the input to the formTaskEdit function."}}}}, "created": "2026-04-06T20:22:01.025786+00:00", "updated": "2026-04-13T14:27:51.611436+00:00", "vendors": ["utt", "utt$PRODUCT$hiper_810g"]}