CVE-2026-0838
Unknown Unknown - Not Provided
Remote Buffer Overflow in UTT 进取 520W Wireless Config Function

Publication date: 2026-01-11

Last updated on: 2026-01-11

Assigner: VulDB

Description
A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-11
Last Modified
2026-01-11
Generated
2026-06-16
AI Q&A
2026-01-11
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0838
EUVD
EUVD-2026-1905
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
utt 进取_520w 1.7.7-180627
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a buffer overflow in the strcpy function within the /goform/ConfigWirelessBase file of the UTT 进取 520W 1.7.7-180627 device. It occurs when the ssid argument is manipulated, allowing an attacker to overflow the buffer. This flaw can be exploited remotely.

Impact Analysis

The vulnerability can allow remote attackers to execute arbitrary code or cause a denial of service by exploiting the buffer overflow. This can lead to compromise of the affected device's confidentiality, integrity, and availability.

Detection Guidance

This vulnerability can be detected by monitoring or testing the /goform/ConfigWirelessBase endpoint for buffer overflow attempts by manipulating the 'ssid' parameter with oversized input. Since the exploit targets the SSID buffer via HTTP requests, detection can involve capturing and analyzing HTTP traffic to this endpoint for suspiciously large or malformed 'ssid' parameters. Specific commands are not provided in the resources, but using tools like curl or wget to send crafted requests to /goform/ConfigWirelessBase with oversized 'ssid' values could help detect vulnerability. Network intrusion detection systems (NIDS) could be configured to alert on such anomalous requests. [1, 3]

Mitigation Strategies

Immediate mitigation steps include discontinuing use of the affected UTT 进取 520W device version 1.7.7-180627, as no patches or vendor responses are available. It is recommended to replace the affected product with an alternative device. Additionally, restricting remote access to the device's management interface and monitoring for exploit attempts can reduce risk. Since no known countermeasures or patches exist, avoiding exposure is the primary mitigation. [3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0838. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart