CVE-2026-0838

HighPublic PoC

Published: 11 January 2026

Published

11 January 2026

Modified

13 January 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0015 34.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely.…

The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Directly requires validation of the ssid input to /goform/ConfigWirelessBase to prevent buffer overflow from unsafe strcpy usage.

SI-2 Flaw Remediation good match

prevent

Mandates identification, reporting, and correction of the buffer overflow flaw in the router firmware.

SI-16 Memory Protection partial match

prevent

Provides memory protections such as stack canaries to mitigate exploitation of the buffer overflow vulnerability.

Security SummaryAI

CVE-2026-0838 is a buffer overflow vulnerability in the UTT 进取 520W router firmware version 1.7.7-180627. The issue affects the strcpy function in the file /goform/ConfigWirelessBase, where manipulation of the ssid argument triggers the overflow. It is associated with CWE-119 and CWE-120.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating network accessibility with low complexity and requiring only low privileges, without user interaction. Remote attackers possessing low privileges can exploit it to achieve high impacts on confidentiality, integrity, and availability, such as potential arbitrary code execution or system compromise.

Advisories from VulDB and related sources note that an exploit has been publicly released on GitHub and may be used for attacks. The vendor was contacted early about the disclosure but provided no response, and no patches or specific mitigations are available.

Details

CWE(s): CWE-119 CWE-120

Affected Products

utt

520w firmware

≤ 1.7.7-180627

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Buffer overflow in router web interface (/goform/ConfigWirelessBase) exploitable remotely (AV:N) with low privileges (PR:L) for arbitrary code execution, mapping to public-facing application exploitation (T1190) and privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/Lena-lyy/cve/blob/main/1223/28.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.340438
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.340438
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.729020
Third Party Advisory, VDB Entry · cna@vuldb.com