520w Firmware CVE-2026-31062

EUVD-2026-19259 · MEDIUM
Classic Buffer Overflow (CWE-120)
2026-04-06 · cve@mitre.org · GHSA-mr7p-c5rw-q9vj
CVSS 3.1 score: 4.5 (NVD)

Severity by source

NVD (primary): 4.5 MEDIUM, AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High

Lifecycle Timeline

  • CVE Published: Apr 06, 2026 - 15:17 (nvd), MEDIUM 4.5
  • EUVD ID Assigned: Apr 06, 2026 - 15:22 (euvd), EUVD-2026-19259
  • Analysis Generated: Apr 06, 2026 - 15:22 (vuln.today)

Description (CVE.org)

UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Analysis (AI)

A buffer overflow in the filename parameter of the formFtpServerDirConfig function in UTT Aggressive 520W v3 v1.7.7-180627 allows authenticated attackers with high privileges to cause a denial of service. Exploitation requires local network access and high-level administrative credentials; no public exploit code or active exploitation had been confirmed at the time of analysis.

Vulnerability Assessment (AI)

Risk Assessment: The CVSS score of 4.5 reflects a low-to-moderate severity rating. The attack vector is adjacent network (AV:A), meaning an attacker must be on the same local network segment; the attack complexity is low (AC:L); but critically, the attacker requires high privileges (PR:H), which limits the practical threat to malicious administrators or compromised high-privilege accounts. …

Exploit Scenario: A malicious network administrator, or an attacker who has obtained administrative credentials through phishing or credential theft, gains access to the UTT Aggressive 520W management interface on the local network. The attacker uses the formFtpServerDirConfig function to submit an oversized filename parameter, triggering the buffer overflow and corrupting device memory. …

Remediation: No vendor-released patch has been identified at the time of analysis. …
