CRITICAL🇵🇱 Wersja polska

CVE-2025-70998

CVSS 9.8v3.1pub. 2026-02-18upd. 2026-02-19

UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.

🤖 AI Analysis
How it works

The UTT HiPER 810 / nv810v4 router firmware version v1.5.0-140603 contains built-in, default login credentials (CWE-1188 — insecure default initialization) for the telnet service. An attacker can remotely, without any privileges, connect to the device via telnet and use these default credentials. Subsequently, using a properly crafted script, it is possible to gain root-level access to the device's operating system.

Impact

An attacker can gain full administrative (root) access to the router, enabling device takeover, network traffic eavesdropping, modification of network configuration, and potential use of the device as a launching point for further attacks on the internal network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until the update is applied, it is recommended to disable the telnet service on the device, restrict access to management interfaces only to trusted IP addresses, and change the default credentials if the firmware allows.

Who is affected

UTT HiPER 810 / nv810v4 router with firmware version v1.5.0-140603

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Utt 810

    HW
    Utt
    4.0
  • Utt 810 Firmware

    OS
    Utt
    1.5.0-140603
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-2118HIGH7.3ten sam produkt

A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 ...

CVE-2026-2080HIGH7.3ten sam produkt

A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the...

CVE-2026-1162HIGH8.9ten sam produkt

A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /...

CVE-2026-2135LOW2.1ten sam produkt

W systemie UTT HiPER 810 w wersji 1.7.4-141218 wykryto podatność. Podatny element to funkcja sub_43F020 w plik...

CVE-2026-31059CRITICAL9.8PL ✓ten sam vendor

RCE w UTT HiPER 520W — wykonanie dowolnych poleceń przez /goform/formDia