Is 520w Firmware affected by CVE-2026-2068?

A high-severity buffer overflow vulnerability (CVE-2026-2068) affecting UTT 进取 520W devices version 1.7.7-180627 poses a critical risk to organizations using this equipment, as active exploits are publicly available and no patch has been released.

CVE-2026-2068

HIGH

2026-02-06 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 13, 2026 - 18:56 vuln.today

Public exploit code

CVE Published

Feb 06, 2026 - 22:16 nvd

HIGH 8.8

Description

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

Remote code execution in UTT 520W firmware 1.7.7-180627 allows authenticated attackers to execute arbitrary code via a buffer overflow in the ServerIp parameter of the /goform/formSyslogConf endpoint. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor despite early disclosure attempts. …

Remediation

Within 24 hours: Identify and inventory all UTT 进取 520W 1.7.7-180627 devices in your network; disable remote access to affected devices if operationally feasible; restrict network access to the /goform/formSyslogConf endpoint via firewall rules. Within 7 days: Implement network segmentation to isolate affected devices; deploy WAF rules to block malicious requests to vulnerable endpoints; monitor logs for exploitation attempts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +44

POC: +20

CVE-2026-2068 vulnerability details – vuln.today

Back

CVE-2026-2068

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-2068

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code