← Back
2026-02-07 0:32CVE-2026-2071VulDB
PUBLISHED5.2CWE-120CWE-119

UTT 进取 520W formP2PLimitConfig strcpy buffer overflow

A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Problem type

Affected products

UTT

进取 520W

1.7.7-180627 - AFFECTED

References

VDB-344638 | UTT 进取 520W formP2PLimitConfig strcpy buffer overflow

https://vuldb.com/?id.344638

vdb-entrytechnical-description
VDB-344638 | CTI Indicators (IOB, IOC, IOA)

https://vuldb.com/?ctiid.344638

signaturepermissions-required
Submit #745265 | UTT 进取 520W v3v1.7.7-180627 Buffer Overflow

https://vuldb.com/?submit.745265

third-party-advisory
github.com

https://github.com/cymiao1978/cve/blob/main/new/40.md

exploit

GitHub Security Advisories

GHSA-3fgh-xfv8-6h8h

A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function...

https://github.com/advisories/GHSA-3fgh-xfv8-6h8h

A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-2071

github.com

https://github.com/cymiao1978/cve/blob/main/new/40.md

vuldb.com

https://vuldb.com/?ctiid.344638

vuldb.com

https://vuldb.com/?id.344638

vuldb.com

https://vuldb.com/?submit.745265

github.com

https://github.com/advisories/GHSA-3fgh-xfv8-6h8h

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-2071
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-2071",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-02-07T00:32:06.561Z",
    "dateReserved": "2026-02-06T07:41:27.166Z",
    "datePublished": "2026-02-07T00:32:06.561Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-02-07T00:32:06.561Z"
      },
      "title": "UTT 进取 520W formP2PLimitConfig strcpy buffer overflow",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "affected": [
        {
          "vendor": "UTT",
          "product": "进取 520W",
          "versions": [
            {
              "version": "1.7.7-180627",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Buffer Overflow",
              "cweId": "CWE-120",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Memory Corruption",
              "cweId": "CWE-119",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/?id.344638",
          "name": "VDB-344638 | UTT 进取 520W formP2PLimitConfig strcpy buffer overflow",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/?ctiid.344638",
          "name": "VDB-344638 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/?submit.745265",
          "name": "Submit #745265 | UTT 进取 520W v3v1.7.7-180627 Buffer Overflow",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/cymiao1978/cve/blob/main/new/40.md",
          "tags": [
            "exploit"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
            "baseScore": 8.8,
            "baseSeverity": "HIGH"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
            "baseScore": 9
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-02-06T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-02-06T01:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-02-06T08:46:33.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "cymiao (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}