UTT 进取 520W formTimeGroupConfig strcpy buffer overflow

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Problem type

Affected products

UTT

进取 520W

1.7.7-180627 - AFFECTED

References

VDB-344634 | UTT 进取 520W formTimeGroupConfig strcpy buffer overflow

https://vuldb.com/?id.344634

vdb-entrytechnical-description

VDB-344634 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/?ctiid.344634

signaturepermissions-required

Submit #745261 | UTT 进取 520W v3v1.7.7-180627 Buffer Overflow

https://vuldb.com/?submit.745261

third-party-advisory

github.com

https://github.com/cymiao1978/cve/blob/main/new/37.md

github.com

https://github.com/cymiao1978/cve/blob/main/new/37.md#poc

exploit

GitHub Security Advisories

GHSA-xr5q-rm4x-86wg

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability...

https://github.com/advisories/GHSA-xr5q-rm4x-86wg

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2067

github.com

https://github.com/cymiao1978/cve/blob/main/new/37.md

github.com

https://github.com/cymiao1978/cve/blob/main/new/37.md#poc

vuldb.com

https://vuldb.com/?ctiid.344634

vuldb.com

https://vuldb.com/?id.344634

vuldb.com

https://vuldb.com/?submit.745261

github.com

https://github.com/advisories/GHSA-xr5q-rm4x-86wg

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2067

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2067",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-06T21:02:06.544Z",
    "dateReserved": "2026-02-06T06:59:33.824Z",
    "datePublished": "2026-02-06T21:02:06.544Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-06T21:02:06.544Z"
      },
      "title": "UTT 进取 520W formTimeGroupConfig strcpy buffer overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "affected": [
        {
          "vendor": "UTT",
          "product": "进取 520W",
          "versions": [
            {
              "version": "1.7.7-180627",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Buffer Overflow",
              "cweId": "CWE-120",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344634",
          "name": "VDB-344634 | UTT 进取 520W formTimeGroupConfig strcpy buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344634",
          "name": "VDB-344634 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.745261",
          "name": "Submit #745261 | UTT 进取 520W v3v1.7.7-180627 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/cymiao1978/cve/blob/main/new/37.md",
          "tags": [
            "related"
          ]
        },
        {
          "url": "https://github.com/cymiao1978/cve/blob/main/new/37.md#poc",
          "tags": [
            "exploit"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T08:04:43.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "cymiao (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}