Vulnerabilities ›

CVE-2026-2935

High ⚡ Exploit Available

CWE-119 — Weakness Type

                    Published: Feb 22, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.2

🔗 NVD Official

📄 Description (English)

A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

🤖 AI Executive Summary

A buffer overflow vulnerability exists in UTT HiPER 810G devices up to version 1.7.7-171114 in the /goform/ConfigExceptMSN function that can be exploited remotely through the remark parameter. This publicly disclosed vulnerability allows attackers to execute arbitrary code or cause denial of service on affected devices.

📄 Description (Arabic)

ثغرة تجاوز المخزن المؤقت في أجهزة UTT HiPER 810G تؤثر على دالة strcpy في ملف /goform/ConfigExceptMSN. يمكن استغلال هذه الثغرة عن بعد من خلال معالجة معامل remark بشكل ضار. تم الكشف عن هذه الثغرة علناً مما يزيد من خطر الاستغلال.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 8, 2026 20:36

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

telecom government

🎯 MITRE ATT&CK Techniques

T1190 T1203 T1499

⚖️ Saudi Risk Score (AI)

7.0

/ 10.0

🔧 Remediation Steps (English)

Immediately update UTT HiPER 810G devices to firmware version 1.7.7-171115 or later. If immediate patching is not possible, restrict network access to the device management interface and disable remote access to /goform/ConfigExceptMSN endpoint. Monitor device logs for suspicious activity and consider implementing network segmentation for affected devices.

🔧 خطوات المعالجة (العربية)

قم بتحديث أجهزة UTT HiPER 810G فوراً إلى إصدار البرنامج الثابت 1.7.7-171115 أو أحدث. إذا لم يكن التحديث الفوري ممكناً، قيد الوصول إلى واجهة إدارة الجهاز وعطل الوصول البعيد إلى نقطة نهاية /goform/ConfigExceptMSN. راقب سجلات الجهاز للنشاط المريب وفكر في تنفيذ تقسيم الشبكة للأجهزة المتأثرة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.12.6.1

🔵 SAMA CSF

ID.AM-2 PR.PT-1

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1

🔗 References & Sources 4

🔗

https://github.com/alc9700jmo/CVE/issues/23

cna@vuldb.com

Exploit Issue Tracking Mitigation Third Party Advisory

🔗

https://vuldb.com/?ctiid.347297

cna@vuldb.com

Permissions Required VDB Entry

🔗

https://vuldb.com/?id.347297

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/?submit.755297

cna@vuldb.com

Third Party Advisory VDB Entry

📦 Affected Products / CPE 1 entries

utt:810g_firmware

📊 CVSS Score

7.2

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.2

CWECWE-119

EPSS0.10%

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-02-22

Source Feed nvd

🇸🇦 Saudi Risk Score

7.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

exploit-available CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-2935

💬 Comments

Introduce Yourself

Sign In Required