CVE-2026-0838
Published: 11 January 2026
Summary
CVE-2026-0838 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 520W Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of the ssid input to /goform/ConfigWirelessBase to prevent buffer overflow from unsafe strcpy usage.
Mandates identification, reporting, and correction of the buffer overflow flaw in the router firmware.
Provides memory protections such as stack canaries to mitigate exploitation of the buffer overflow vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in router web interface (/goform/ConfigWirelessBase) exploitable remotely (AV:N) with low privileges (PR:L) for arbitrary code execution, mapping to public-facing application exploitation (T1190) and privilege escalation (T1068).
NVD Description
A security flaw has been discovered in UTT 进取 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buffer overflow. The attack is possible to be carried out remotely.…
more
The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2026-0838 is a buffer overflow vulnerability in the UTT 进取 520W router firmware version 1.7.7-180627. The issue affects the strcpy function in the file /goform/ConfigWirelessBase, where manipulation of the ssid argument triggers the overflow. It is associated with CWE-119 and CWE-120.
The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating network accessibility with low complexity and requiring only low privileges, without user interaction. Remote attackers possessing low privileges can exploit it to achieve high impacts on confidentiality, integrity, and availability, such as potential arbitrary code execution or system compromise.
Advisories from VulDB and related sources note that an exploit has been publicly released on GitHub and may be used for attacks. The vendor was contacted early about the disclosure but provided no response, and no patches or specific mitigations are available.
Details
- CWE(s)