CVE-2026-2067
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Remote code execution in UTT 520W firmware through a buffer overflow in the /goform/formTimeGroupConfig endpoint allows authenticated attackers to achieve complete system compromise via manipulation of the year1 parameter. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure notification. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all UTT 进取 520W 1.7.7-180627 devices across the organization and assess network exposure. Within 7 days: Implement network segmentation to restrict administrative access to affected devices and deploy WAF rules to block malicious requests targeting /goform/formTimeGroupConfig. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today