CVE-2026-2071
8.8 HIGHPublished 2026-02-07 · Modified 2026-02-09 · Awaiting Analysis
Quick Summary
A buffer overflow vulnerability exists in a specific router model due to unsafe handling of input in a web management function. This allows a remote attacker to potentially crash the device or execute malicious code.
Who is affected
Users of the UTT 进取 520W router running firmware version 1.7.7-180627 are affected. An attacker on the same network could take control of the device.
Recommended fix
As the vendor has not provided a patch, users should isolate the router from untrusted networks, disable remote management if enabled, and consider replacing it with a supported model.
Technical Description
A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Details
Attack Vector
NETWORK
Complexity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-119, CWE-120