Cyber Resilience

CVE-2026-0841

HighPublic PoC

Published: 11 January 2026

Published
11 January 2026
Modified
13 January 2026
KEV Added
Patch
CVSS Score v4 7.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0341 87.3th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-0841 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 520W Firmware. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 12.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-0841 is a buffer overflow vulnerability in the UTT 进取 520W router running firmware version 1.7.7-180627. The issue resides in the strcpy function within the /goform/formPictureUrl component, where manipulation of the importpictureurl argument triggers the overflow. This flaw, classified under CWE-119 and CWE-120, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on January 11, 2026.

Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation grants high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise on the affected device.

No patches or mitigations are available from the vendor, who was contacted early about the disclosure but provided no response. Advisories from sources like VulDB note the issue, but practitioners should isolate or decommission affected UTT 进取 520W devices where possible.

The exploit is public and may already be in use, increasing the urgency for network defenders to scan for exposed instances of this firmware.

EU & UK References

Vulnerability details

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The…

more

exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Buffer overflow vulnerability in the router's public-facing web interface (/goform/formPictureUrl) enables remote exploitation over the network with low privileges required, directly facilitating T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-15459Same product: Utt 520W
CVE-2026-1139Same product: Utt 520W
CVE-2025-15462Same product: Utt 520W
CVE-2026-2071Same product: Utt 520W
CVE-2025-15460Same product: Utt 520W
CVE-2026-0837Same product: Utt 520W
CVE-2025-14141Same product: Utt 520W
CVE-2026-2067Same product: Utt 520W
CVE-2026-0836Same product: Utt 520W
CVE-2026-0839Same product: Utt 520W

Affected Assets

utt
520w firmware
≤ 1.7.7-180627

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces validation of the importpictureurl argument's length and content to directly prevent the buffer overflow triggered by strcpy manipulation.

prevent

Provides runtime memory protections like stack canaries, DEP, and ASLR to block exploitation of the buffer overflow for arbitrary code execution.

detect

Supports vulnerability scanning to identify network-exposed UTT 进取 520W routers running the vulnerable 1.7.7-180627 firmware for immediate isolation.

References