CVE-2026-31062
Received Received - Intake

Buffer Overflow in UTT Aggressive 520W FTP Causes DoS

Vulnerability report for CVE-2026-31062, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-04-06

Last updated on: 2026-04-07

Assigner: MITRE

Description

UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-04-06
Last Modified
2026-04-07
Generated
2026-07-06
AI Q&A
2026-04-06
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
utt 520w_firmware 1.7.7-180627

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The CVE-2026-31062 vulnerability affects the UTT Aggressive 520W router, specifically firmware versions up to and including v3v1.7.7-180627. It is a buffer overflow vulnerability in the handling of the HTTP POST request to the endpoint `/goform/formFtpServerDirConfig`.

When the parameter `Action` is set to `add`, the router processes the `filename` parameter by copying its value into a destination buffer using the unsafe `strcpy` function without any boundary checks. This lack of input validation allows an attacker to supply an excessively long `filename` string, causing a buffer overflow.

Exploiting this vulnerability can lead to a denial-of-service (DoS) condition on the device by crashing or disrupting the router's operation.

Impact Analysis

This vulnerability can impact you by allowing an attacker to cause a denial-of-service (DoS) condition on your UTT Aggressive 520W router. By sending a specially crafted HTTP POST request with an excessively long filename parameter, the attacker can trigger a buffer overflow that disrupts the normal functioning of the device.

As a result, your network connectivity or services relying on this router could be interrupted or become unavailable.

Detection Guidance

This vulnerability can be detected by sending a crafted HTTP POST request to the endpoint `/goform/formFtpServerDirConfig` on the affected UTT Aggressive 520W router firmware versions up to v3v1.7.7-180627.

Specifically, the POST request should include the parameter `Action` set to `add` and a very long string in the `filename` parameter to test for buffer overflow conditions.

A sample command using curl to test this could be:

  • curl -X POST http://[router_ip]/goform/formFtpServerDirConfig -d "Action=add&filename=$(python3 -c 'print("A"*1000)')"

If the device crashes, becomes unresponsive, or exhibits a denial-of-service condition after this request, it indicates the presence of the vulnerability.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate the CVE-2026-31062 vulnerability, immediately avoid sending or accepting HTTP POST requests to the endpoint `/goform/formFtpServerDirConfig` with the `Action` parameter set to `add` that include untrusted or excessively long `filename` parameters.

Restrict access to the affected router's management interface to trusted networks only, and monitor for unusual or malformed POST requests targeting the vulnerable endpoint.

If possible, update the router firmware to a version that addresses this vulnerability once it becomes available from the vendor.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31062. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart