CVE-2026-2067

HighPublic PoC

Published: 06 February 2026

Published

06 February 2026

Modified

10 February 2026

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0011 28.3th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 leads to buffer overflow. The attack may be initiated remotely. The exploit has…

been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly remediates the buffer overflow vulnerability by identifying, testing, and applying firmware patches or workarounds for the affected UTT router.

SI-10 Information Input Validation good match

prevent

Prevents the buffer overflow by validating the size and format of the 'year1' input parameter before processing with strcpy in the web form handler.

SI-16 Memory Protection good match

prevent

Mitigates successful exploitation of the buffer overflow through memory protection mechanisms like stack canaries, ASLR, and non-executable memory.

Security SummaryAI

CVE-2026-2067 is a buffer overflow vulnerability in the UTT 进取 520W router running firmware version 1.7.7-180627. The issue resides in the strcpy function within the /goform/formTimeGroupConfig file, where manipulation of the year1 argument triggers the overflow. This flaw, classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.

The vulnerability can be exploited remotely by an attacker with low privileges, such as an authenticated user, over the network with low complexity and no user interaction required. Successful exploitation allows the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to remote code execution, data compromise, or denial of service on the affected device.

Advisories from VulDB and related disclosures, including a public proof-of-concept on GitHub, confirm the exploit's availability but note that the vendor was contacted early without any response or patch release. No official mitigations or updates are referenced, leaving affected systems reliant on network segmentation, access controls, or firmware replacement from alternative sources if available.

The exploit has been publicly disclosed with a POC, increasing the risk of active targeting against exposed UTT 进取 520W devices. No evidence of widespread real-world exploitation is mentioned in the available data.

Details

CWE(s): CWE-119 CWE-120

Affected Products

utt

520w firmware

1.7.7-180627

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Buffer overflow in router web interface (/goform/formTimeGroupConfig) allows remote authenticated exploitation for RCE, directly enabling T1190 (Exploit Public-Facing Application).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/cymiao1978/cve/blob/main/new/37.md
Exploit, Third Party Advisory · cna@vuldb.com
https://github.com/cymiao1978/cve/blob/main/new/37.md#poc
Exploit · cna@vuldb.com
https://vuldb.com/?ctiid.344634
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.344634
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.745261
Third Party Advisory, VDB Entry · cna@vuldb.com