Skip to main content

520w Firmware CVE-2026-31067

| EUVD-2026-19267 MEDIUM
OS Command Injection (CWE-78)
2026-04-06 cve@mitre.org GHSA-4c3f-9h8p-j5x9
Command Injection 520w Firmware
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 06, 2026 - 15:22 euvd
EUVD-2026-19267
Analysis Generated
Apr 06, 2026 - 15:22 vuln.today
CVE Published
Apr 06, 2026 - 15:17 nvd
MEDIUM 6.8

DescriptionCVE.org

A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.

AnalysisAI

Remote command execution in UTT Aggressive 520W v3v1.7.7-180627 via the /goform/formReleaseConnect component allows authenticated attackers with high privileges to execute arbitrary system commands through a crafted string parameter, resulting in complete system compromise (confidentiality, integrity, and availability impact). No public exploit code or active exploitation has been confirmed at the time of analysis.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment While the CVSS score of 6.8 reflects moderate severity, several factors warrant careful contextualization. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has already obtained authenticated high-privilege access to the UTT Aggressive 520W device management interface (either through credential compromise, insider threat, or successful exploitation of a separate vulnerability) sends a specially crafted HTTP POST request to /goform/formReleaseConnect with command injection payload in a string parameter. The vulnerable component fails to sanitize the input, allowing the attacker to break out of the intended command context and execute arbitrary system commands with device root privileges. …
Remediation The primary remediation is to upgrade UTT Aggressive 520W firmware to a patched version released by the vendor; however, exact patched version numbers were not specified in the available reference data. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-31067 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy