CVE-2026-0841
Published: 11 January 2026
Summary
CVE-2026-0841 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Utt 520W Firmware. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 40.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces validation of the importpictureurl argument's length and content to directly prevent the buffer overflow triggered by strcpy manipulation.
Provides runtime memory protections like stack canaries, DEP, and ASLR to block exploitation of the buffer overflow for arbitrary code execution.
Supports vulnerability scanning to identify network-exposed UTT 进取 520W routers running the vulnerable 1.7.7-180627 firmware for immediate isolation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow vulnerability in the router's public-facing web interface (/goform/formPictureUrl) enables remote exploitation over the network with low privileges required, directly facilitating T1190: Exploit Public-Facing Application.
NVD Description
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in buffer overflow. It is possible to launch the attack remotely. The…
more
exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2026-0841 is a buffer overflow vulnerability in the UTT 进取 520W router running firmware version 1.7.7-180627. The issue resides in the strcpy function within the /goform/formPictureUrl component, where manipulation of the importpictureurl argument triggers the overflow. This flaw, classified under CWE-119 and CWE-120, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on January 11, 2026.
Attackers with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation grants high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution or system compromise on the affected device.
No patches or mitigations are available from the vendor, who was contacted early about the disclosure but provided no response. Advisories from sources like VulDB note the issue, but practitioners should isolate or decommission affected UTT 进取 520W devices where possible.
The exploit is public and may already be in use, increasing the urgency for network defenders to scan for exposed instances of this firmware.
Details
- CWE(s)