CVE-2026-31065
Buffer Overflow in UTT Aggressive 520W Causes Denial of Service
Publication date: 2026-04-06
Last updated on: 2026-04-07
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| utt | 520w_firmware | 1.7.7-180627 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of the CVE-2026-31065 vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-31065 is a buffer overflow vulnerability in the UTT Aggressive 520W router's firmware version v3v1.7.7-180627. It occurs in the addCommand parameter of the formConfigCliForEngineerOnly function, which is accessed via an HTTP POST request.
The vulnerability arises because the router's firmware uses the unsafe strcpy function without checking the size of the input, allowing attacker-controlled data to overflow a buffer in memory.
An attacker can exploit this by sending a specially crafted POST request with an excessively long addCommand parameter, causing a buffer overflow that leads to a denial-of-service (DoS) condition on the device.
Authentication is required to exploit this vulnerability, as Digest authentication with valid credentials is needed to access the vulnerable endpoint.
How can this vulnerability impact me? :
This vulnerability can impact you by causing a denial-of-service (DoS) condition on the affected UTT Aggressive 520W router.
Exploitation of the buffer overflow can disrupt the normal operation of the router, potentially leading to network outages or loss of connectivity for users relying on the device.
Since the vulnerability requires authentication, an attacker with valid credentials could intentionally disrupt service, affecting network availability and reliability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to send a specially crafted HTTP POST request to the endpoint `/goform/formConfigCliForEngineerOnly` on the UTT Aggressive 520W router firmware versions up to v3v1.7.7-180627.
The detection involves sending a POST request with an excessively long `addCommand` parameter to trigger the buffer overflow condition.
Since the endpoint requires Digest authentication, valid credentials are necessary to perform this test.
A sample command using curl to test the vulnerability could be:
- curl -X POST -u username:password --digest -d "addCommand=$(python3 -c 'print("A"*1000)')" http://<router-ip>/goform/formConfigCliForEngineerOnly
If the device becomes unresponsive or crashes after this request, it indicates the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the router's web management interface to trusted users only, especially limiting access to the `/goform/formConfigCliForEngineerOnly` endpoint.
Ensure that strong authentication credentials are used to prevent unauthorized access, as the vulnerability requires authenticated access.
Monitor the device for unusual crashes or denial-of-service symptoms that may indicate exploitation attempts.
Check the vendor's official website for firmware updates or patches that address this buffer overflow vulnerability and apply them as soon as they become available.