Cyber Resilience

CVE-2026-0838

HighPublic PoC

Published: 11 January 2026

Published
11 January 2026
Modified
13 January 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0341 87.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-0838 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 520W Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 12.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-0838 is a buffer overflow vulnerability in the UTT 进取 520W router firmware version 1.7.7-180627. The issue affects the strcpy function in the file /goform/ConfigWirelessBase, where manipulation of the ssid argument triggers the overflow. It is associated with CWE-119 and CWE-120.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating network accessibility with low complexity and requiring only low privileges, without user interaction. Remote attackers possessing low privileges can exploit it to achieve high impacts on confidentiality, integrity, and availability, such as potential arbitrary code execution or system compromise.

Advisories from VulDB and related sources note that an exploit has been publicly released on GitHub and may be used for attacks. The vendor was contacted early about the disclosure but provided no response, and no patches or specific mitigations are available.

EU & UK References

Vulnerability details

A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely.…

more

The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Buffer overflow in router web interface (/goform/ConfigWirelessBase) exploitable remotely (AV:N) with low privileges (PR:L) for arbitrary code execution, mapping to public-facing application exploitation (T1190) and privilege escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-15461Same product: Utt 520W
CVE-2026-2068Same product: Utt 520W
CVE-2026-1137Same product: Utt 520W
CVE-2026-1140Same product: Utt 520W
CVE-2026-1138Same product: Utt 520W
CVE-2026-2070Same product: Utt 520W
CVE-2025-15459Same product: Utt 520W
CVE-2026-1139Same product: Utt 520W
CVE-2025-15462Same product: Utt 520W
CVE-2026-2071Same product: Utt 520W

Affected Assets

utt
520w firmware
≤ 1.7.7-180627

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of the ssid input to /goform/ConfigWirelessBase to prevent buffer overflow from unsafe strcpy usage.

prevent

Mandates identification, reporting, and correction of the buffer overflow flaw in the router firmware.

prevent

Provides memory protections such as stack canaries to mitigate exploitation of the buffer overflow vulnerability.

References