Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.3
UTT HiPER 520: Remote Code Execution via Web Management Interface
CVE-2026-2847
Summary
A security flaw in the Web Management Interface of UTT HiPER 520 allows a hacker to execute unauthorized commands on the device from anywhere. This could allow an attacker to access sensitive data or take control of the device. Users should update to the latest version of UTT HiPER 520 to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| utt | 520_firmware | 1.7.7-160105 | – |
Original title
A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of...
Original description
A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub_44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of the argument Isp_Name results in os command injection. The attack can be launched remotely. The exploit is now public and may be used.
nvd CVSS2.0
8.3
nvd CVSS3.1
7.2
nvd CVSS4.0
7.3
Vulnerability type
CWE-77
Command Injection
CWE-78
OS Command Injection
- https://vuldb.com/?id.347083 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.753965 Third Party Advisory VDB Entry
- https://github.com/cha0yang1/UTT520CVE/blob/main/UTTRCE2.md Exploit Third Party Advisory
- https://vuldb.com/?ctiid.347083 Permissions Required VDB Entry
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026