Description
UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published: 2026-04-06
Score: 4.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Upgrade Firmware
AI Analysis

Impact

A buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function within UTT Aggressive 520W firmware can be triggered by a crafted input. The overflow corrupts the execution stack, causing the device to crash and stop responding. This results in a loss of availability and no direct impact on confidentiality or privilege escalation.

Affected Systems

Systems running the UTT Aggressive 520W v3 or later that use firmware version 1.7.7‑180627 are affected. The vulnerability is limited to the engineer‑only command‑line interface; other user interfaces are unaffected.

Risk and Exploitability

The CVSS score of 4.5 indicates moderate severity. The EPSS score below 1 % suggests exploitation is unlikely in the wild. Based on the description, it is inferred that the likely attack vector requires local or privileged access to the engineer‑only CLI, which may be exposed through the device’s network management or console ports. The vulnerability is not listed in the KEV catalog, so no confirmed public exploits are known.

Generated by OpenCVE AI on April 7, 2026 at 23:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware release that patches the buffer overflow.
  • Disable or restrict access to the engineer‑only command‑line interface if it is not needed.
  • Monitor device logs for abnormal or repeated calls to formConfigCliForEngineerOnly.
  • Implement network segmentation or firewall rules to isolate the device from untrusted traffic.

Generated by OpenCVE AI on April 7, 2026 at 23:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow Causing DoS in UTT Aggressive 520W Firmware

Tue, 07 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
First Time appeared Utt 520w Firmware
CPEs cpe:2.3:h:utt:520w:3.0:*:*:*:*:*:*:*
cpe:2.3:o:utt:520w_firmware:1.7.7-180627:*:*:*:*:*:*:*
Vendors & Products Utt 520w Firmware

Tue, 07 Apr 2026 08:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in UTT Aggressive 520W CLI Leads to DoS
Weaknesses CWE-787

Tue, 07 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in UTT Aggressive 520W CLI Leads to DoS
First Time appeared Utt
Utt 520w
Weaknesses CWE-120
CWE-787
Vendors & Products Utt
Utt 520w
Metrics cvssV3_1

{'score': 4.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
References

Subscriptions

Utt 520w 520w Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T19:53:59.553Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31065

cve-icon Vulnrichment

Updated: 2026-04-06T19:53:54.733Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-06T15:17:09.080

Modified: 2026-04-07T20:28:37.697

Link: CVE-2026-31065

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:53:00Z

Weaknesses