Primary

Context

UTT 进取 520W Buffer Overflow Vulnerability in formIpGroupConfig

Vulnerability

A buffer overflow vulnerability has been identified in the UTT 进取 520W router, specifically in the 1.7.7-180627 firmware version. The issue arises in the formIpGroupConfig endpoint, where the strcpy function is used to copy the groupName parameter without proper boundary checks. This vulnerability can be exploited remotely, leading to potential denial-of-service conditions.

Impact

Exploitation of this vulnerability causes a buffer overflow, which can be used to execute arbitrary code or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /goform/formIpGroupConfig endpoint. The request must include a groupName parameter with a value that exceeds the buffer's capacity, effectively causing a buffer overflow. This can be done by manipulating the Content-Length header to accommodate the oversized groupName value.

Added: Feb 6, 2026, 9:37 PM

Updated: Feb 6, 2026, 11:43 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.0

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.0

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

UTT 进取 520W Buffer Overflow Vulnerability in formIpGroupConfig

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating