CVE-2026-7420HIGH 8.8EPSS p36.5%

CVE-2026-7420CVE-2026-7420

Description

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Scoring

CVSS 3.18.8 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS0.46% probability of exploitation · percentile 36.5% · 2026-06-19T12:03:05Z
Published2026-04-29
Last modified2026-04-30

Underlying weaknesses· 2

CWE-119CWE-120

References

  1. https://github.com/kirlic123/IOTvulner/blob/main/4035/5/5.md
  2. https://vuldb.com/submit/803997
  3. https://vuldb.com/vuln/360157
  4. https://vuldb.com/vuln/360157/cti

2

TypeTargetConfidenceTier
WeaknessImproper Restriction of Operations within the Bounds of a Memory Buffercwe-1190%live
WeaknessBuffer Copy without Checking Size of Input ('Classic Buffer Overflow')cwe-1200%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-7512
CVE
CVE-2026-7419
CVE
CVE-2026-9632
CVE
CVE-2026-9631
CVE
CVE-2026-7418
CVE
CVE-2026-7513
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.