Skip to main content

UTT nv518G CVE-2026-52191

HIGH
Classic Buffer Overflow (CWE-120)
2026-07-02 mitre
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Unauthenticated, low-complexity HTTP request reachable over the network with no user interaction (AV:N/AC:L/PR:N/UI:N); impact is a service/device crash only, so C:N/I:N/A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 06, 2026 - 16:27 vuln.today
CVSS changed
Jul 06, 2026 - 16:22 NVD
7.5 (HIGH)
CVE Published
Jul 02, 2026 - 00:00 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_444C8C component

AnalysisAI

Remote denial of service in the UTT nv518G security gateway/router (firmware nv518GV3v3.2.7-210919-161313) allows an unauthenticated attacker to crash the device by triggering a buffer overflow in the gohead/sub_444C8C function of its embedded web management service. The flaw impacts availability only - no code execution, data disclosure, or integrity loss is indicated - and CVSS rates it 7.5 (High). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach nv518G web management port
Delivery
Send crafted oversized HTTP request
Exploit
Overflow buffer in gohead/sub_444C8C
Execution
Crash web service / reboot device
Impact
Gateway offline (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires network reachability to the UTT nv518G's gohead web management service (HTTP interface) on the specific firmware build nv518GV3v3.2.7-210919-161313; per the CVSS vector (AV:N/AC:L/PR:N/UI:N) no authentication, no user interaction, and no special configuration are needed to trigger the sub_444C8C buffer overflow. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/A:H, C:N/I:N) describes a network-reachable, low-complexity, unauthenticated crash affecting only availability - internally consistent and typical for an embedded-web-server DoS. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the nv518G web management port sends a single crafted HTTP request with an oversized field that flows into the vulnerable sub_444C8C routine, overflowing a fixed-size buffer and crashing the gohead web service or rebooting the device. Because no authentication or user interaction is required and complexity is low, the attack can be scripted and repeated to keep the gateway offline. …
Remediation No vendor-released patch identified at time of analysis; check the UTT download center (https://utt.com.cn/downloadcenter.php?filetypeid=3&model=518G&lang=zhcn) for a firmware build newer than nv518GV3v3.2.7-210919-161313 and apply it once published. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all UTT nv518G units on network and document firmware versions, particularly nv518GV3v3.2.7-210919-161313; restrict management interface access to trusted administrative networks only and disable external web management access if not operationally required. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in N A

View all
CVE-2026-31072 CRITICAL POC
9.8 May 19

Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali

CVE-2026-36356 CRITICAL POC
9.1 May 05

Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST

CVE-2026-31071 CRITICAL POC
9.1 May 19

Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al

CVE-2025-66391 HIGH POC
8.8 Jun 17

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o

CVE-2026-26740 HIGH POC
8.2 Mar 18

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when

CVE-2025-60464 HIGH POC
7.8 Jun 25

Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_

CVE-2026-36355 HIGH POC
7.7 May 05

Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc

CVE-2025-60474 HIGH POC
7.5 Jun 24

Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s

CVE-2026-38639 HIGH POC
7.5 Jun 26

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S

CVE-2026-38641 HIGH POC
7.5 Jun 26

Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge

CVE-2026-38637 HIGH POC
7.5 Jun 25

An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S

CVE-2026-38640 HIGH POC
7.5 Jun 25

Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce

Share

CVE-2026-52191 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy