What is the CVSS score of CVE-2026-2080?

CVE-2026-2080 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.4%.

Which versions of 810 Firmware are affected by CVE-2026-2080?

A high-severity vulnerability in UTT HiPER 810 devices allows unauthorized administrative access through the user management function, potentially enabling attackers to compromise network…

Is there a public PoC exploit available for CVE-2026-2080?

Yes, a public proof-of-concept exploit is available for CVE-2026-2080. Prioritise patching immediately. EPSS: 0.4%.

How to fix or mitigate CVE-2026-2080?

Within 24 hours: Inventory all UTT HiPER 810 devices running version 1.7.4-141218 and isolate affected units from production networks if possible. Within 7 days: Implement network segmentation to restrict access to the vulnerable /goform/formUser endpoint, deploy WAF rules to block suspicious setSysAdm requests, and enable enhanced logging on affected devices. Within 30 days: Contact UTT for patch availability, evaluate replacement hardware, and conduct security audit of potentially compromised systems for unauthorized administrative accounts.

810 Firmware CVE-2026-2080

HIGH

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

2026-02-07 cna@vuldb.com

Command Injection 810 Firmware

7.2

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.2 HIGH

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

PoC Detected

Feb 13, 2026 - 18:49 vuln.today

Public exploit code

CVE Published

Feb 07, 2026 - 09:16 nvd

HIGH 7.2

DescriptionCVE.org

A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Remote code execution in UTT HiPER 810 Firmware 1.7.4-141218 via command injection in the user administration function allows unauthenticated attackers to execute arbitrary commands over the network. The vulnerability exists in the passwd1 parameter of the /goform/formUser endpoint and has public exploit code available. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Send authenticated request to /goform/formUser

Exploit

Inject OS commands in passwd1 parameter

Impact

Execute arbitrary commands as root

Access

Send authenticated request to /goform/formUser

Exploit

Inject OS commands in passwd1 parameter

Impact

Execute arbitrary commands as root

Vulnerability AssessmentAI

Exploitation	Attacker must possess valid administrative credentials for UTT HiPER 810 device running firmware version 1.7.4-141218 or earlier; access to /goform/formUser endpoint required. Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	CVSS 7.2 (HIGH). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A remote attacker could exploit this flaw, command injection.
Remediation	Monitor vendor advisories for a patch. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all UTT HiPER 810 devices running version 1.7.4-141218 and isolate affected units from production networks if possible. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-2080 vulnerability details – vuln.today

Back

810 Firmware CVE-2026-2080

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code