Description
UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published: 2026-04-06
Score: 4.5 Medium
EPSS: n/a
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

A vulnerability was identified in UTT Aggressive 520W firmware version v3v1.7.7-180627. The flaw is a classic buffer overflow located in the addCommand parameter of the formConfigCliForEngineerOnly function. Exploiting this overflow allows an attacker to send a crafted input that corrupts memory and causes the device to crash, resulting in a Denial of Service. Because the crash terminates the CLI session, the device cannot process legitimate configuration changes until it is manually rebooted.

Affected Systems

This issue affects the UTT Aggressive 520W series running firmware v3v1.7.7-180627. No vendor name was identified in the CVE data, but the product model and firmware revision are explicitly listed in the description. Devices operating under this configuration are the only ones at risk; earlier firmware releases or other UTT models are not mentioned.

Risk and Exploitability

The CVSS assessment is not provided, but the presence of a buffer overflow suggests a high impact score. EPSS data is unavailable, and the vulnerability is not currently in the CISA KEV catalog. Because the addCommand interface is part of a CLI intended for engineers, we infer that the attack vector could be remote if the CLI is exposed over the network, or local if an attacker gains console access. No exploit code has been published, so the exploitability likely depends on the attacker’s ability to interact with the CLI. Nevertheless, successful exploitation results in total loss of service until the device is restarted or patched.

Generated by OpenCVE AI on April 6, 2026 at 17:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for firmware updates from the vendor for UTT Aggressive 520W version v3v1.7.7-180627 and apply any available patch.
  • If no update is currently available, limit access to the engineer‑only CLI to trusted personnel and consider isolating the device from critical network segments.
  • In the absence of a patch, restart the device to restore normal operation if it crashes after receiving crafted input.
  • Monitor system logs for repeated crashes that may indicate an attempt to exploit the buffer overflow.

Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

Type | Values Removed | Values Added
Title | | Buffer Overflow in UTT Aggressive 520W CLI Leads to DoS
First Time appeared | | Utt; Utt 520w
Weaknesses | | CWE-120; CWE-787
Vendors & Products | | Utt; Utt 520w
Metrics | | cvssV3_1: {'score': 4.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}; ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Apr 2026 15:30:00 +0000

Type | Values Removed | Values Added
Description | | UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-06T19:53:59.553Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31065

Vulnrichment

Updated: 2026-04-06T19:53:54.733Z

NVD

Status: Received

Published: 2026-04-06T15:17:09.080

Modified: 2026-04-06T20:16:23.053

Link: CVE-2026-31065

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:47:52Z

Weaknesses