CVE-2026-0841

HighPublic PoC

Published: 11 January 2026

Published

11 January 2026

Modified

13 January 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0015 34.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The…

exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Enforces validation of the importpictureurl argument's length and content to directly prevent the buffer overflow triggered by strcpy manipulation.

SI-16 Memory Protection good match

prevent

Provides runtime memory protections like stack canaries, DEP, and ASLR to block exploitation of the buffer overflow for arbitrary code execution.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Supports vulnerability scanning to identify network-exposed UTT 进取 520W routers running the vulnerable 1.7.7-180627 firmware for immediate isolation.

Security SummaryAI

CVE-2026-0841 is a buffer overflow vulnerability in the UTT 进取 520W router running firmware version 1.7.7-180627. The issue resides in the strcpy function within the /goform/formPictureUrl component, where manipulation of the importpictureurl argument triggers the overflow. This flaw, classified under CWE-119 and CWE-120, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on January 11, 2026.

Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation grants high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise on the affected device.

No patches or mitigations are available from the vendor, who was contacted early about the disclosure but provided no response. Advisories from sources like VulDB note the issue, but practitioners should isolate or decommission affected UTT 进取 520W devices where possible.

The exploit is public and may already be in use, increasing the urgency for network defenders to scan for exposed instances of this firmware.

Details

CWE(s): CWE-119 CWE-120

Affected Products

utt

520w firmware

≤ 1.7.7-180627

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow vulnerability in the router's public-facing web interface (/goform/formPictureUrl) enables remote exploitation over the network with low privileges required, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/GUOTINGTING2297/cve/blob/main/1234/31.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.340441
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.340441
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.729030
Third Party Advisory, VDB Entry · cna@vuldb.com