Skip to main content

UTT nv518G EUVDEUVD-2026-40866

| CVE-2026-52196 HIGH
Classic Buffer Overflow (CWE-120)
2026-06-30 cve@mitre.org GHSA-5j4v-722p-7pmr
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Network-reachable gohead service exploitable without auth or interaction (AV:N/AC:L/PR:N/UI:N); buffer overflow only crashes the device, so C:N/I:N and A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (mitre).

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jul 01, 2026 - 18:32 vuln.today
CVSS changed
Jul 01, 2026 - 16:22 NVD
7.5 (HIGH)
CVE Published
Jun 30, 2026 - 22:16 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_416f28 component

AnalysisAI

Denial of service in the UTT nv518G gateway/router (firmware nv518GV3v3.2.7-210919-161313) lets a remote, unauthenticated attacker crash the device by triggering a buffer overflow in the gohead web-service function sub_416f28 (FUN_00416f28). Publicly available exploit code exists (referenced PoC on GitHub), though the flaw is not listed in CISA KEV and EPSS scores it at just 0.22% (13th percentile), indicating low observed exploitation activity. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach gohead management interface over network
Delivery
Send crafted oversized HTTP request
Exploit
Overflow fixed buffer in sub_416f28
Execution
Crash daemon / reboot gateway
Impact
Deny service to connected users

Vulnerability AssessmentAI

Exploitation Exploitation requires only network reachability to the UTT nv518G's gohead web/management service and does not require authentication, credentials, or user interaction (CVSS PR:N/UI:N). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are moderate and internally consistent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach the nv518G's gohead management service over the network sends a single crafted HTTP request whose oversized field overflows the fixed buffer in sub_416f28, crashing the daemon or rebooting the gateway and knocking connected users offline. Because the CVSS vector is AV:N/AC:L/PR:N/UI:N, no authentication, user interaction, or special timing is needed, and publicly available PoC/analysis on GitHub lowers the effort to reproduce it. …
Remediation No vendor-released patch or fixed firmware version is identified in the available data, so a specific upgrade target cannot be cited; monitor the UTT download center (https://utt.com.cn/downloadcenter.php?filetypeid=3&model=518G&lang=zhcn) for an updated nv518G firmware build superseding nv518GV3v3.2.7-210919-161313. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all UTT nv518G devices on the network; assess which are internet-facing or handle critical traffic; disable external access to the web management interface where operationally possible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-40866 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy