← Back
2026-02-06 22:32CVE-2026-2070VulDB
PUBLISHED5.2CWE-120CWE-119

UTT 进取 520W formPolicyRouteConf strcpy buffer overflow

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Problem type

Affected products

UTT

进取 520W

1.7.7-180627 - AFFECTED

References

VDB-344637 | UTT 进取 520W formPolicyRouteConf strcpy buffer overflow

https://vuldb.com/?id.344637

vdb-entrytechnical-description
VDB-344637 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/?ctiid.344637

signaturepermissions-required
Submit #745264 | UTT 进取 520W v3v1.7.7-180627 Buffer Overflow

https://vuldb.com/?submit.745264

third-party-advisory
github.com

https://github.com/cymiao1978/cve/blob/main/new/39.md

exploit

GitHub Security Advisories

GHSA-hghv-g2jw-j4wq

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function...

https://github.com/advisories/GHSA-hghv-g2jw-j4wq

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2070

github.com

https://github.com/cymiao1978/cve/blob/main/new/39.md

vuldb.com

https://vuldb.com/?ctiid.344637

vuldb.com

https://vuldb.com/?id.344637

vuldb.com

https://vuldb.com/?submit.745264

github.com

https://github.com/advisories/GHSA-hghv-g2jw-j4wq

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2070
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2070",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-06T22:32:06.317Z",
    "dateReserved": "2026-02-06T07:41:24.091Z",
    "datePublished": "2026-02-06T22:32:06.317Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-06T22:32:06.317Z"
      },
      "title": "UTT 进取 520W formPolicyRouteConf strcpy buffer overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/formPolicyRouteConf. Such manipulation of the argument GroupName leads to buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "affected": [
        {
          "vendor": "UTT",
          "product": "进取 520W",
          "versions": [
            {
              "version": "1.7.7-180627",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Buffer Overflow",
              "cweId": "CWE-120",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344637",
          "name": "VDB-344637 | UTT 进取 520W formPolicyRouteConf strcpy buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344637",
          "name": "VDB-344637 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.745264",
          "name": "Submit #745264 | UTT 进取 520W v3v1.7.7-180627 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/cymiao1978/cve/blob/main/new/39.md",
          "tags": [
            "exploit"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T08:46:31.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "cymiao (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}