Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.3
UTT HiPER 520 Web Interface Allows Unauthorized Code Execution
CVE-2026-2846
Summary
A security issue in UTT HiPER 520's web interface allows an attacker to execute unauthorized code on the device remotely. This can occur when a specially crafted input is sent to the device. To stay secure, update to the latest version of UTT HiPER 520.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| utt | 520_firmware | 1.7.7-160105 | – |
Original title
A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The man...
Original description
A security vulnerability has been detected in UTT HiPER 520 1.7.7-160105. This impacts the function sub_44D264 of the file /goform/formPdbUpConfig of the component Web Management Interface. The manipulation of the argument policyNames leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
nvd CVSS2.0
8.3
nvd CVSS3.1
7.2
nvd CVSS4.0
7.3
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
- https://github.com/cha0yang1/UTT520CVE/blob/main/UTTRCE1.md Exploit Third Party Advisory
- https://vuldb.com/?ctiid.347082 Permissions Required VDB Entry
- https://vuldb.com/?id.347082 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.753964 Third Party Advisory VDB Entry
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026