How serious is CVE-2026-2935?

This vulnerability has a CVSS score of 7.3 out of 10, classified as HIGH severity. Proof-of-concept exploit code is publicly available, making this an active threat.

Is there exploit code available for CVE-2026-2935?

Yes, proof-of-concept exploit code for CVE-2026-2935 is publicly available on GitHub and security research platforms. This increases the risk of active exploitation.

Which products are affected by CVE-2026-2935?

CVE-2026-2935 affects utt 810g firmware. Check the full CVE details for specific version information.

How do I fix CVE-2026-2935?

To remediate CVE-2026-2935, check for security patches from utt. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2026-2935

High

|7.3

Exploit Available

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to remotely execute code on the UTT HiPER 810G firmware by exploiting a flaw in how the device handles certain input, potentially leading to a complete system compromise. The attacker needs to manipulate a specific argument in a configuration file, and public exploit code is already available, making it easier for malicious actors to take advantage of this weakness.

Technical Description

A weakness has been identified in UTT HiPER 810G up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/ConfigExceptMSN. Executing a manipulation of the argument remark can lead to buffer overflow. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

Confidentiality ImpactHigh

Integrity ImpactHigh

Availability ImpactHigh

ScopeChanged

Vector String

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$1,632($1K-$5K)

Vendor Response

Grade APatched in 2 days

Quick Information

Published

Feb 22, 2026

about 1 month ago

Last Modified

Feb 24, 2026

about 1 month ago

Vendor

utt

Product

810g firmware

Related Vulnerabilities

CVE-2026-3815High

An attacker can remotely exploit a vulnerability in the UTT HiPER 810G firmware to execute a buffer overflow, potentially allowing them to take control of the device. This issue affects versions up to 1.7.7-1711 and requires no special access, making it particularly dangerous.

CVE-2026-3814High

An attacker can remotely exploit a buffer overflow vulnerability in the UTT HiPER 810G firmware, potentially allowing them to execute arbitrary code on the device. This issue affects versions up to 1.7.7-1711, and the exploit is publicly available, making it easier for attackers to launch an attack.

CVE-2026-3016High

This vulnerability allows an attacker to remotely take control of the UTT HiPER 810G device by exploiting a flaw in how it handles data, potentially leading to unauthorized access or system crashes. The attacker can exploit this issue if they can send specially crafted data to the device, making it a serious risk for users running affected firmware versions.

CVE-2026-3015High

An attacker can remotely exploit a flaw in the UTT HiPER 810G firmware to execute arbitrary code by manipulating a specific input, which can lead to a buffer overflow. This vulnerability affects versions up to 1.7.7-171114 and could allow the attacker to take control of the device if they can send a specially crafted request.

CVE-2026-2981High

This vulnerability allows an attacker to remotely execute malicious code on UTT HiPER 810G devices by exploiting a buffer overflow in a specific function. It affects firmware versions up to 1.7.7-1711, and the attacker can manipulate input data to trigger the exploit.