How serious is CVE-2026-2904?

This vulnerability has a CVSS score of 7.4 out of 10, classified as HIGH severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-2904?

Yes, proof-of-concept exploit code for CVE-2026-2904 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-2904?

CVE-2026-2904 affects utt 810g firmware. Check the full CVE details for specific version information.

How do I fix CVE-2026-2904?

To remediate CVE-2026-2904, check for security patches from utt. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-2904

High

|7.4

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to remotely execute malicious code on the UTT HiPER 810G device by exploiting a flaw in its configuration file handling, which can lead to a buffer overflow. The attacker needs to manipulate specific input to trigger this issue, making it a serious risk for anyone using this firmware version.

Technical Description

A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$1,842($1K-$5K)

Vendor Response

Grade APatched in 2 days

Quick Information

Published

Feb 22, 2026

about 1 month ago

Last Modified

Feb 24, 2026

about 1 month ago

Vendor

utt

Product

810g firmware

Related Vulnerabilities

CVE-2026-3815High

An attacker can remotely exploit a vulnerability in the UTT HiPER 810G firmware to execute a buffer overflow, potentially allowing them to take control of the device. This issue affects versions up to 1.7.7-1711 and requires no special access, making it particularly dangerous.

CVE-2026-3814High

An attacker can remotely exploit a buffer overflow vulnerability in the UTT HiPER 810G firmware, potentially allowing them to execute arbitrary code on the device. This issue affects versions up to 1.7.7-1711, and the exploit is publicly available, making it easier for attackers to launch an attack.

CVE-2026-3016High

This vulnerability allows an attacker to remotely take control of the UTT HiPER 810G device by exploiting a flaw in how it handles data, potentially leading to unauthorized access or system crashes. The attacker can exploit this issue if they can send specially crafted data to the device, making it a serious risk for users running affected firmware versions.

CVE-2026-3015High

An attacker can remotely exploit a flaw in the UTT HiPER 810G firmware to execute arbitrary code by manipulating a specific input, which can lead to a buffer overflow. This vulnerability affects versions up to 1.7.7-171114 and could allow the attacker to take control of the device if they can send a specially crafted request.

CVE-2026-2981High

This vulnerability allows an attacker to remotely execute malicious code on UTT HiPER 810G devices by exploiting a buffer overflow in a specific function. It affects firmware versions up to 1.7.7-1711, and the attacker can manipulate input data to trigger the exploit.