A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2CWE-120CWE-119
UTT 进取 520W formIpGroupConfig strcpy buffer overflow
Problem type
Affected products
UTT
进取 520W
1.7.7-180627 - AFFECTED
References
VDB-344633 | UTT 进取 520W formIpGroupConfig strcpy buffer overflow
https://vuldb.com/?id.344633
VDB-344633 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/?ctiid.344633
Submit #745260 | UTT 进取 520W v3v1.7.7-180627 Buffer Overflow
https://vuldb.com/?submit.745260
github.com
https://github.com/cymiao1978/cve/blob/main/new/36.md
github.com
https://github.com/cymiao1978/cve/blob/main/new/36.md#poc
GitHub Security Advisories
GHSA-6m45-m235-5343
A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of...
https://github.com/advisories/GHSA-6m45-m235-5343A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-2066
github.com
https://github.com/cymiao1978/cve/blob/main/new/36.md
github.com
https://github.com/cymiao1978/cve/blob/main/new/36.md#poc
vuldb.com
https://vuldb.com/?ctiid.344633
vuldb.com
https://vuldb.com/?id.344633
vuldb.com
https://vuldb.com/?submit.745260
github.com
https://github.com/advisories/GHSA-6m45-m235-5343
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-2066Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-2066",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-02-06T20:40:03.175Z",
"dateReserved": "2026-02-06T06:59:29.800Z",
"datePublished": "2026-02-06T20:32:06.795Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-02-06T20:32:06.795Z"
},
"title": "UTT 进取 520W formIpGroupConfig strcpy buffer overflow",
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "UTT",
"product": "进取 520W",
"versions": [
{
"version": "1.7.7-180627",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Buffer Overflow",
"cweId": "CWE-120",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Memory Corruption",
"cweId": "CWE-119",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?id.344633",
"name": "VDB-344633 | UTT 进取 520W formIpGroupConfig strcpy buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.344633",
"name": "VDB-344633 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.745260",
"name": "Submit #745260 | UTT 进取 520W v3v1.7.7-180627 Buffer Overflow",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/cymiao1978/cve/blob/main/new/36.md",
"tags": [
"related"
]
},
{
"url": "https://github.com/cymiao1978/cve/blob/main/new/36.md#poc",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"baseScore": 9
}
}
],
"timeline": [
{
"time": "2026-02-06T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-02-06T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-02-06T08:04:41.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "cymiao (VulDB User)",
"type": "reporter"
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2026-02-06T20:40:03.175Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}