CVE-2026-2066

HighPublic PoC

Published: 06 February 2026

Published

06 February 2026

Modified

10 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. The attack can be launched remotely. The exploit has…

been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

SI-10 requires validating inputs like groupName prior to processing, directly preventing the buffer overflow from unsafe strcpy usage.

SI-16 Memory Protection good match

prevent

SI-16 implements memory protections such as stack canaries or DEP to block arbitrary code execution even if the buffer overflow occurs.

SI-2 Flaw Remediation partial match

preventdetect

SI-2 mandates timely identification, reporting, and remediation of flaws like this buffer overflow, enabling patching or workarounds despite vendor non-response.

Security SummaryAI

CVE-2026-2066 is a buffer overflow vulnerability in the UTT 进取 520W router running firmware version 1.7.7-180627. The issue stems from improper use of the strcpy function in the /goform/formIpGroupConfig script, where manipulation of the groupName argument triggers the overflow. This flaw, linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), was published on 2026-02-06 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.

The vulnerability can be exploited remotely by an authenticated attacker with low privileges (PR:L), requiring no user interaction. Successful exploitation allows arbitrary code execution, potentially granting high-impact confidentiality, integrity, and availability compromises, such as full system takeover on the affected device.

Advisories from VulDB and related GitHub repositories, including a public proof-of-concept, confirm the remote exploitability but note that the vendor was contacted early without any response or patch release. No official mitigations are available as of the disclosure. The public exploit availability heightens the risk for exposed UTT 进取 520W devices.

Details

CWE(s): CWE-119 CWE-120

Affected Products

utt

520w firmware

1.7.7-180627

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in router's web management interface (/goform/formIpGroupConfig) allows remote authenticated low-priv exploitation for arbitrary code execution, directly enabling T1190 (Exploit Public-Facing Application).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/cymiao1978/cve/blob/main/new/36.md
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/cymiao1978/cve/blob/main/new/36.md#poc
Exploit · cna@vuldb.com
https://vuldb.com/?ctiid.344633
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.344633
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.745260
Third Party Advisory, VDB Entry · cna@vuldb.com