A critical remote code execution vulnerability has been discovered in multiple UTT HiPER products. This flaw, identified as CVE-2026-1162, allows a remote attacker to take full control of an affected device by sending a specially crafted request, potentially leading to network compromise, data breaches, and service disruption.

The vulnerability is a classic buffer overflow within the /goform/setSysAdm component of the device's web interface. The strcpy function is used insecurely to handle the passwd1 argument, which is intended for setting the system administrator password. A remote, unauthenticated attacker can exploit this by sending an HTTP request with an overly long string in the passwd1 parameter, overflowing the buffer and allowing for the execution of arbitrary code on the device with system-level privileges.

This vulnerability presents a critical risk to the organization, reflected by its CVSS score of 9.8. Successful exploitation allows a remote attacker to gain complete administrative control over the affected network device. This can lead to severe consequences, including the interception and exfiltration of sensitive network traffic, disruption of network services, using the compromised device as a pivot point to attack other internal systems, and significant reputational damage.

Immediate Action: The primary and most effective remediation is to update the affected UTT HiPER products to the latest patched version provided by the vendor. After patching, it is crucial to monitor for any signs of post-exploitation activity and review historical access logs for indicators of compromise.

Proactive Monitoring: Security teams should actively monitor network traffic for malicious requests targeting the /goform/setSysAdm endpoint. Specifically, look for HTTP POST requests to this path containing an abnormally long value for the passwd1 parameter. Monitor the device for any unusual outbound connections, unexpected processes, or configuration changes.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Restrict access to the device's web management interface to a dedicated and trusted management network or specific IP addresses.
• Deploy a Web Application Firewall (WAF) or Intrusion Prevention System (IPS) with rules to detect and block oversized requests to the /goform/setSysAdm endpoint.
• Ensure the device is placed behind a firewall and is not directly exposed to the internet.

Public Exploit Available: true

Given the critical severity (CVSS 9.8), remote exploitability, and the confirmed availability of a public exploit, this vulnerability requires immediate attention. Organizations must prioritize applying the vendor-supplied patches to all affected UTT HiPER devices without delay. While this CVE is not currently listed on the CISA KEV list, its characteristics make it a prime target for opportunistic attackers, and it should be treated with the highest urgency.