CRITICAL🇵🇱 Wersja polska

CVE-2026-31059

CVSS 9.8v3.1pub. 2026-04-06upd. 2026-04-09

A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.

🤖 AI Analysis
How it works

The vulnerability is located in the /goform/formDia component handling HTTP requests on the UTT HiPER 520W device. An attacker can submit a specially crafted string to this endpoint, which leads to the execution of embedded system commands by the device. Due to the network vector (AV:N) and lack of authentication requirements (PR:N) and user interaction (UI:N), the attack can be conducted remotely without any privileges.

Impact

An attacker can execute arbitrary commands on the device with the privileges of the process handling requests, which in practice means complete takeover of the router, including the ability to compromise confidentiality, integrity, and availability of the system.

Mitigation & patch

Patches available from the manufacturer should be applied according to the references. Until the update is applied, it is recommended to restrict access to the device's administrative interface to trusted IP addresses only and isolate the device using a firewall.

Who is affected

UTT Aggressive HiPER 520W in firmware version v3v1.7.7-180627

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Utt 520w

    HW
    Utt
    3.0
  • Utt 520w Firmware

    OS
    Utt
    1.7.7-180627
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-2071HIGH7.4ten sam produkt

A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file...

CVE-2026-2070HIGH7.4ten sam produkt

A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the...

CVE-2026-2066HIGH7.4ten sam produkt

A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /gofo...

CVE-2026-2067HIGH7.4ten sam produkt

A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the functio...

CVE-2026-2068HIGH7.4ten sam produkt

A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /...