Description
A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-01-11
Score: 8.7 High
EPSS: 3.4% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow occurs during the handling of the ssid argument in the strcpy function within the /goform/ConfigWirelessBase routine. The vulnerability, identified as CWE-119 and CWE-120, allows an attacker to supply an ssid string that exceeds the allocated buffer size. Based on the description, it is inferred that this overflow could enable arbitrary code execution or a system crash, though the exact outcome is not explicitly confirmed in the advisory. The flaw is reachable remotely through the router’s web interface, and public exploits have been released.

Affected Systems

The affected product is the UTT 进取 520W router running firmware version 1.7.7‑180627. No other versions are listed as impacted in the documented data.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity condition. The EPSS score is 3%, indicating a low but non‑zero exploitation probability that may increase as the exploit becomes more widely known. The vulnerability is not currently listed in the CISA KEV catalog, but the existence of public exploit code means the risk has become actionable. Based on the description, it is inferred that an attacker can trigger the overflow by sending crafted requests to the exposed web interface without requiring local network presence.

Generated by OpenCVE AI on June 18, 2026 at 06:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block or restrict external access to the /goform/ConfigWirelessBase interface via firewall or router ACL.
  • Limit the router’s management interface to trusted internal networks; disable remote management if not required.
  • Monitor configuration traffic for abnormal ssid configuration attempts to detect exploitation in progress.
  • If the vendor releases a firmware update addressing this flaw, apply it promptly.

Generated by OpenCVE AI on June 18, 2026 at 06:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 13 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Utt 520w Firmware
CPEs cpe:2.3:h:utt:520w:3.0:*:*:*:*:*:*:*
cpe:2.3:o:utt:520w_firmware:*:*:*:*:*:*:*:*
Vendors & Products Utt 520w Firmware

Mon, 12 Jan 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 12 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Utt
Utt 520w
Vendors & Products Utt
Utt 520w

Sun, 11 Jan 2026 05:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Title UTT 进取 520W ConfigWirelessBase strcpy buffer overflow
Weaknesses CWE-119
CWE-120
References
Metrics cvssV2_0

{'score': 9, 'vector': 'AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 8.8, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Utt 520w 520w Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:29:35.417Z

Reserved: 2026-01-10T09:50:41.818Z

Link: CVE-2026-0838

cve-icon Vulnrichment

Updated: 2026-01-12T14:35:46.816Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-11T06:15:57.300

Modified: 2026-06-17T10:11:28.497

Link: CVE-2026-0838

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T06:15:14Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')