CVE-2026-2080
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Description
A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
Remote code execution in UTT HiPER 810 Firmware 1.7.4-141218 via command injection in the user administration function allows unauthenticated attackers to execute arbitrary commands over the network. The vulnerability exists in the passwd1 parameter of the /goform/formUser endpoint and has public exploit code available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all UTT HiPER 810 devices running version 1.7.4-141218 and isolate affected units from production networks if possible. Within 7 days: Implement network segmentation to restrict access to the vulnerable /goform/formUser endpoint, deploy WAF rules to block suspicious setSysAdm requests, and enable enhanced logging on affected devices. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today