CVE-2026-2071
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Unauthenticated attackers can exploit a buffer overflow in the UTT 520W Firmware's P2P configuration function via a crafted request to achieve remote code execution with high privileges. The vulnerability requires only network access and low complexity to exploit, with public exploit code already available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify and inventory all UTT 进取 520W devices running version 1.7.7-180627 in your environment; isolate affected devices from critical networks if possible. Within 7 days: Implement network segmentation to restrict access to the vulnerable /goform/formP2PLimitConfig endpoint; deploy WAF rules to block malicious POST requests to this function. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today