{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3699", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-07T08:46:52.539Z", "datePublished": "2026-03-08T02:32:07.771Z", "dateUpdated": "2026-03-10T13:48:19.941Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-08T02:32:07.771Z"}, "title": "UTT HiPER 810G formRemoteControl strcpy buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "UTT", "product": "HiPER 810G", "versions": [{"version": "1.7.7-171114", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-07T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-07T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-07T09:52:03.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "yecp (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.349645", "name": "VDB-349645 | UTT HiPER 810G formRemoteControl strcpy buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.349645", "name": "VDB-349645 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.765749", "name": "Submit #765749 | UTT HiPER 810G v3v1.7.7-171114 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/7wkajk/CVE-VUL/blob/main/2.md", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T13:47:55.306859Z", "id": "CVE-2026-3699", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T13:48:19.941Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3699", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-10T13:47:55.306859Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T13:48:15.727Z"}}], "cna": {"title": "UTT HiPER 810G formRemoteControl strcpy buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "yecp (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "UTT", "product": "HiPER 810G", "versions": [{"status": "affected", "version": "1.7.7-171114"}]}], "timeline": [{"lang": "en", "time": "2026-03-07T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-07T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-07T09:52:03.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.349645", "name": "VDB-349645 | UTT HiPER 810G formRemoteControl strcpy buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.349645", "name": "VDB-349645 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.765749", "name": "Submit #765749 | UTT HiPER 810G v3v1.7.7-171114 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/7wkajk/CVE-VUL/blob/main/2.md", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-08T02:32:07.771Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3699", "state": "PUBLISHED", "dateUpdated": "2026-03-10T13:48:19.941Z", "dateReserved": "2026-03-07T08:46:52.539Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-08T02:32:07.771Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:utt:810g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EACA25AC-9976-4066-A6C6-6C2CA6D37BE3", "versionEndIncluding": "1.7.7-171114", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:utt:810g:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C6B1A13-F7CD-422E-A90E-8020D076FC4A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-171114. This impacts the function strcpy of the file /goform/formRemoteControl. The manipulation results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."}, {"lang": "es", "value": "Una falla de seguridad ha sido descubierta en UTT HiPER 810G hasta 1.7.7-171114. Esto afecta a la funci\u00f3n strcpy del archivo /goform/formRemoteControl. La manipulaci\u00f3n resulta en desbordamiento de b\u00fafer. El ataque puede lanzarse remotamente. El exploit ha sido publicado y puede utilizarse para ataques."}], "id": "CVE-2026-3699", "lastModified": "2026-03-10T15:21:15.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-08T03:16:04.017", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/7wkajk/CVE-VUL/blob/main/2.md"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.349645"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.349645"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.765749"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.7.7-171114"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "HiPER 810G", "source": "cna", "vendor": "UTT"}, "product": "hiper_810g", "vendor": "utt"}], "analysis": {"en": {"generated_at": "2026-04-17T12:04:27.968236+00:00", "value": {"mitigation_remediation": ["Upgrade the HiPER 810G firmware to a release newer than 1.7.7\u2011171114 that contains the vendor\u2011issued fix.", "If a patch is not immediately available, block inbound traffic to the /goform/formRemoteControl endpoint or disable remote control features in the device\u2019s configuration to prevent exploitation.", "Continuously monitor network traffic and system logs for abnormal requests to the formRemoteControl endpoint, ensuring that access restrictions remain enforced."], "summary": {"action": "Apply Patch", "impact": "Remote Buffer Overflow with potential for code execution"}, "threat_synthesis": {"affected_systems": "The vulnerability exists on UTT HiPER 810G devices running firmware 1.7.7\u2011171114 or earlier, specifically on builds that include the legacy strcpy implementation within the /goform/formRemoteControl module.", "description_and_impact": "A security flaw was identified in the UTT HiPER 810G firmware, affecting the /goform/formRemoteControl endpoint up to version 1.7.7\u2011171114. The bug stems from an unsafe use of the C library function strcpy, which can overflow a buffer when a payload longer than the allocated space is received. The endpoint is reachable over the network, so the attack vector is remote. The description does not explicitly state that arbitrary code execution is achieved; however, as a buffer overflow it potentially allows the attacker to alter the device\u2019s execution flow.", "risk_and_exploitability": "The CVSS base score of 8.7 signals high severity, while an EPSS figure below 1\u202f% indicates a low but non\u2011zero probability of exploitation in the wild. The flaw is not listed in the CISA KEV catalog, but publicly available exploit code raises concern. Exploitation requires sending a crafted HTTP request to the vulnerable endpoint without authentication. While the description does not confirm the exact impact, the overflow could plausibly lead to arbitrary code execution, which would compromise confidentiality, integrity, and availability of the device."}}}}, "created": "2026-03-09T10:03:40.595678+00:00", "updated": "2026-04-17T12:15:18.160350+00:00", "vendors": ["utt", "utt$PRODUCT$hiper_810g"]}