Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Unauthenticated network-reachable SQL injection in the management interface with reported code execution yields AV:N/AC:L/PR:N and full C/I/A impact.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component
AnalysisAI
SQL injection in the UTT nv518G security gateway (firmware nv518GV3v3.2.7-210919-161313) lets remote attackers inject arbitrary SQL through the gohead/sub_463bbc component, which per the advisory escalates to arbitrary code execution on the device. The flaw is unauthenticated (CVSS 9.8, PR:N) and publicly available exploit code exists via a GitHub write-up, though it is not listed in CISA KEV; EPSS is low at 0.27% (18th percentile), indicating no evidence of widespread automated exploitation yet.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network reachability to the nv518G's web management interface (the embedded gohead HTTP server) and a request to the specific gohead/sub_463bbc handler; per CVSS AV:N/AC:L/PR:N/UI:N no authentication, special privileges, or user interaction are needed against the affected firmware nv518GV3v3.2.7-210919-161313. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are mostly aligned toward high theoretical severity but tempered real-world urgency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can reach the nv518G management web interface sends a crafted HTTP request to the gohead/sub_463bbc endpoint containing malicious SQL, requiring no credentials or user interaction. Per the researcher's report this injection is leveraged to achieve arbitrary code execution on the appliance, giving the attacker control of the gateway; a public proof-of-concept describing the vulnerable function is available on GitHub, lowering the barrier to weaponization. |
| Remediation | No vendor-released patch identified at time of analysis - the references point only to the UTT firmware download center (https://utt.com.cn/downloadcenter.php?filetypeid=3&model=518G&lang=zhcn) and a third-party researcher report, not a tagged fixed release, so administrators should check that portal for a firmware build newer than nv518GV3v3.2.7-210919-161313 and contact UTT support to confirm a fix. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Execute network scan for UTT nv518G devices; physically or logically isolate affected units from production traffic; document inventory with firmware versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41224
GHSA-jqfc-j8hw-pcfx