A remote command execution (RCE) vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string.
The vulnerability is located in the /goform/formDia component handling HTTP requests on the UTT HiPER 520W device. An attacker can submit a specially crafted string to this endpoint, which leads to the execution of embedded system commands by the device. Due to the network vector (AV:N) and lack of authentication requirements (PR:N) and user interaction (UI:N), the attack can be conducted remotely without any privileges.
An attacker can execute arbitrary commands on the device with the privileges of the process handling requests, which in practice means complete takeover of the router, including the ability to compromise confidentiality, integrity, and availability of the system.
Patches available from the manufacturer should be applied according to the references. Until the update is applied, it is recommended to restrict access to the device's administrative interface to trusted IP addresses only and isolate the device using a firewall.
UTT Aggressive HiPER 520W in firmware version v3v1.7.7-180627
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HUtt 520w
HWUtt3.0Utt 520w Firmware
OSUtt1.7.7-180627
Related vulnerabilities
A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file...
A vulnerability has been found in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the...
A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /gofo...
A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the functio...
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /...