UTT 进取 520W formSyslogConf strcpy buffer overflow

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Problem type

Affected products

UTT

进取 520W

1.7.7-180627 - AFFECTED

References

VDB-344635 | UTT 进取 520W formSyslogConf strcpy buffer overflow

https://vuldb.com/?id.344635

vdb-entrytechnical-description

VDB-344635 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/?ctiid.344635

signaturepermissions-required

Submit #745262 | UTT 进取 520W v3v1.7.7-180627 Buffer Overflow

https://vuldb.com/?submit.745262

third-party-advisory

github.com

https://github.com/cymiao1978/cve/blob/main/new/38.md

github.com

https://github.com/cymiao1978/cve/blob/main/new/38.md#poc

exploit

GitHub Security Advisories

GHSA-vffc-m683-fh9m

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy...

https://github.com/advisories/GHSA-vffc-m683-fh9m

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2068

github.com

https://github.com/cymiao1978/cve/blob/main/new/38.md

github.com

https://github.com/cymiao1978/cve/blob/main/new/38.md#poc

vuldb.com

https://vuldb.com/?ctiid.344635

vuldb.com

https://vuldb.com/?id.344635

vuldb.com

https://vuldb.com/?submit.745262

github.com

https://github.com/advisories/GHSA-vffc-m683-fh9m

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2068

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2068",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-06T21:32:06.640Z",
    "dateReserved": "2026-02-06T06:59:36.557Z",
    "datePublished": "2026-02-06T21:32:06.640Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-06T21:32:06.640Z"
      },
      "title": "UTT 进取 520W formSyslogConf strcpy buffer overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/formSyslogConf. The manipulation of the argument ServerIp results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "affected": [
        {
          "vendor": "UTT",
          "product": "进取 520W",
          "versions": [
            {
              "version": "1.7.7-180627",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Buffer Overflow",
              "cweId": "CWE-120",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344635",
          "name": "VDB-344635 | UTT 进取 520W formSyslogConf strcpy buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344635",
          "name": "VDB-344635 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.745262",
          "name": "Submit #745262 | UTT 进取 520W v3v1.7.7-180627 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/cymiao1978/cve/blob/main/new/38.md",
          "tags": [
            "related"
          ]
        },
        {
          "url": "https://github.com/cymiao1978/cve/blob/main/new/38.md#poc",
          "tags": [
            "exploit"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T08:04:44.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "cymiao (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}